CVE-2023-28559

Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.

CVE-2023-33098

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

CVE-2023-28573

Memory corruption in WLAN HAL while parsing WMI command parameters.

CVE-2023-28587

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.

CVE-2023-33015

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

CVE-2023-22383

Memory Corruption in camera while installing a fd for a particular DMA buffer.

CVE-2023-33088

Memory corruption when processing cmd parameters while parsing vdev.

CVE-2023-22667

Memory Corruption in Audio while allocating the ion buffer during the music playback.

CVE-2023-28548

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.

CVE-2023-33020

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

CVE-2023-21638

Memory corruption in Video while calling APIs with different instance ID than the one received in initialization.

CVE-2023-28546

Memory Corruption in SPS Application while exporting public key in sorter TA.

CVE-2023-21633

Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.

CVE-2023-21635

Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.

CVE-2023-28551

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

CVE-2023-33089

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

CVE-2023-21639

Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.