SB2025020378 - Multiple vulnerabilities in Qualcomm chipsets
Published: February 3, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 24 secuirty vulnerabilities.
1) Buffer over-read (CVE-ID: CVE-2024-38404)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Multi Mode Call Processor. A remote attacker can perform a denial of service (DoS) attack.
2) Improper Validation of Array Index (CVE-ID: CVE-2024-49843)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Graphics_Linux. A local application can execute arbitrary code.
3) Improper Validation of Array Index (CVE-ID: CVE-2024-49834)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Camera. A local application can execute arbitrary code.
4) Improper Validation of Array Index (CVE-ID: CVE-2024-49833)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Camera. A local application can execute arbitrary code.
5) Improper Validation of Array Index (CVE-ID: CVE-2024-49832)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Camera. A local application can execute arbitrary code.
6) Improper Validation of Array Index (CVE-ID: CVE-2024-45582)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Camera Driver. A local application can execute arbitrary code.
7) Use After Free (CVE-ID: CVE-2024-45571)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in WLAN Host Communication. A local application can execute arbitrary code.
8) Improper Validation of Array Index (CVE-ID: CVE-2024-45569)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in WLAN Host Communication. A remote attacker can execute arbitrary code.
9) Buffer over-read (CVE-ID: CVE-2024-45561)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Windows WLAN Host. A local application can execute arbitrary code.
10) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2024-49840)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in WLAN Windows Host. A local application can execute arbitrary code.
11) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2024-45560)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Camera. A local application can execute arbitrary code.
12) Improper Validation of Array Index (CVE-ID: CVE-2024-49837)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Automotive OS Platform QNX. A local application can execute arbitrary code.
13) Buffer overflow (CVE-ID: CVE-2024-38420)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error while configuring a Hypervisor based input virtual device. A local user can trigger memory corruption and execute arbitrary code on the target system.
14) Buffer over-read (CVE-ID: CVE-2024-38416)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in Audio. A local application can read and manipulate data.
15) Buffer over-read (CVE-ID: CVE-2024-38414)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in Computer Vision. A local application can read and manipulate data.
16) Untrusted Pointer Dereference (CVE-ID: CVE-2024-45584)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Automotive Android OS. A local application can execute arbitrary code.
17) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2024-45573)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Display. A local application can execute arbitrary code.
18) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2024-38418)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Camera Linux. A local application can execute arbitrary code.
19) Buffer over-read (CVE-ID: CVE-2024-38417)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in Automotive Multimedia. A local application can read and manipulate data.
20) Buffer overflow (CVE-ID: CVE-2024-38413)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when handling frame packets. A local user can trigger memory corruption and execute arbitrary code on the target system.
21) Use After Free (CVE-ID: CVE-2024-38412)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in Computer Vision. A local application can read and manipulate data.
22) Use After Free (CVE-ID: CVE-2024-38411)
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to improper input validation in Computer Vision. A local application can read, manipulate or delete data.
23) Buffer over-read (CVE-ID: CVE-2024-49839)
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN Host Cmn. A remote attacker can read and manipulate data.
24) Buffer over-read (CVE-ID: CVE-2024-49838)
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN HOST. A remote attacker can read and manipulate data.
Remediation
Install update from vendor's website.