Wcd9306 Firmware Security Vulnerabilities

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

CVE-2023-33017

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

CVE-2023-33018

Memory corruption while using the UIM diag command to get the operators name.

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CVE-2023-33032

Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.

CVE-2023-33033

Memory corruption in Audio during playback with speaker protection.

CVE-2023-33072

Memory corruption in Core while processing control functions.

CVE-2023-33110

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

CVE-2024-21462

Transient DOS while loading the TA ELF file.

CVE-2024-21465

Memory corruption while processing key blob passed by the user.

CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.