CVE-2024-45575

Memory corruption Camera kernel when large number of devices are attached through userspace.

CVE-2024-49829

Memory corruption can occur during context user dumps due to inadequate checks on buffer length.

CVE-2023-43530

Memory corruption in HLOS while checking for the storage type.

CVE-2023-43538

Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.

CVE-2024-21460

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.

CVE-2024-21462

Transient DOS while loading the TA ELF file.

CVE-2024-21474

Memory corruption when size of buffer from previous call is used without validation or re-initialization.

CVE-2024-23360

Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.

CVE-2024-33065

Memory corruption while taking snapshot when an offset variable is set by camera driver.

CVE-2024-38417

Information disclosure while processing IO control commands.

CVE-2024-38418

Memory corruption while parsing the memory map info in IOCTL calls.

CVE-2024-38420

Memory corruption while configuring a Hypervisor based input virtual device.

CVE-2024-43050

Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.

CVE-2024-45542

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.

CVE-2024-45560

Memory corruption while taking a snapshot with hardware encoder due to unvalidated userspace buffer.

CVE-2024-45584

Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.

CVE-2024-21477

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

CVE-2024-23376

Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call.

CVE-2024-43051

Information disclosure while deriving keys for a session for any Widevine use case.

CVE-2024-43057

Memory corruption while processing command in Glink linux.

CVE-2024-43061

Memory corruption during voice activation, when sound model parameters are loaded from HLOS, and the received sound model list is empty in HLOS drive.

CVE-2024-45548

Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call.

CVE-2024-23377

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.

CVE-2024-33033

Memory corruption while processing IOCTL calls to unmap the buffers.

CVE-2024-38419

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.

CVE-2024-45563

Memory corruption while handling schedule request in Camera Request Manager(CRM) due to invalid link count in the corresponding session.

CVE-2024-45567

Memory corruption while encoding JPEG format.

CVE-2024-45579

Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check.

CVE-2024-23385

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.

CVE-2024-38414

Information disclosure while processing information on firmware image during core initialization.

CVE-2024-38425

Information disclosure while sending implicit broadcast containing APP launch information.

CVE-2023-43529

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

CVE-2024-23379

Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario.

CVE-2024-43056

Transient DOS during hypervisor virtual I/O operation in a virtual machine.

CVE-2024-45568

Memory corruption due to improper bounds check while command handling in camera-kernel driver.

CVE-2024-33037

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.

CVE-2024-38407

Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.

CVE-2024-38408

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

CVE-2024-33030

Memory corruption while parsing IPC frequency table parameters for LPLH that has size greater than expected size.

CVE-2024-33053

Memory corruption when multiple threads try to unregister the CVP buffer at the same time.

CVE-2024-38424

Memory corruption during GNSS HAL process initialization.

CVE-2023-43537

Information disclosure while handling T2LM Action Frame in WLAN Host.

CVE-2024-43055

Memory corruption while processing camera use case IOCTL call.

CVE-2024-33068

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

CVE-2024-38403

Transient DOS while parsing BTM ML IE when per STA profile is not included.

CVE-2024-38409

Memory corruption while station LL statistic handling.

CVE-2023-43555

Information disclosure in Video while parsing mp2 clip with invalid section length.

CVE-2024-33032

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.

CVE-2024-21467

Information disclosure while handling beacon probe frame during scan entry generation in client side.

CVE-2024-21459

Information disclosure while handling beacon or probe response frame in STA.