Sd675 Firmware Security Vulnerabilities

CVE-2023-33062

Transient DOS in WLAN Firmware while parsing a BTM request.

CVE-2023-33063

Memory corruption in DSP Services during a remote call from HLOS to DSP.

CVE-2023-33070

Transient DOS in Automotive OS due to improper authentication to the secure IO calls.

CVE-2023-33072

Memory corruption in Core while processing control functions.

CVE-2023-33076

Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

CVE-2023-33088

Memory corruption when processing cmd parameters while parsing vdev.

CVE-2023-33107

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

CVE-2023-33109

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

CVE-2023-33120

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next header.

CVE-2023-43533

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

CVE-2023-43536

Transient DOS while parse fils IE with length equal to 1.

CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

CVE-2024-21462

Transient DOS while loading the TA ELF file.

CVE-2024-21465

Memory corruption while processing key blob passed by the user.

CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

CVE-2024-33051

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.