CVE-2025-21479

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

CVE-2025-21480

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

CVE-2024-45569

Memory corruption while parsing the ML IE due to invalid frame content.

CVE-2025-21424

Memory corruption while calling the NPU driver APIs concurrently.

CVE-2025-21467

Memory corruption while reading the FW response from the shared queue.

CVE-2024-21464

Memory corruption while processing IPA statistics, when there are no active clients registered.

CVE-2024-45558

Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.

CVE-2025-21468

Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.

CVE-2024-45580

Memory corruption while handling multuple IOCTL calls from userspace for remote invocation.

CVE-2025-21459

Transient DOS while parsing per STA profile in ML IE.

CVE-2024-49833

Memory corruption can occur in the camera when an invalid CID is used.

CVE-2024-53027

Transient DOS may occur while processing the country IE.

CVE-2024-45571

Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.

CVE-2024-49834

Memory corruption while power-up or power-down sequence of the camera sensor.

CVE-2024-38416

Information disclosure during audio playback.

CVE-2024-49838

Information disclosure while parsing the OCI IE with invalid length.

CVE-2024-49839

Memory corruption during management frame processing due to mismatch in T2LM info element.

CVE-2024-45582

Memory corruption while validating number of devices in Camera kernel .

CVE-2025-21453

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

CVE-2024-53024

Memory corruption in display driver while detaching a device.

CVE-2024-49836

Memory corruption may occur during the synchronization of the camera`s frame processing pipeline.

CVE-2024-45553

Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.

CVE-2024-49832

Memory corruption in Camera due to unusually high number of nodes passed to AXI port.

CVE-2024-53014

Memory corruption may occur while validating ports and channels in Audio driver.

CVE-2024-49835

Memory corruption while reading secure file.

CVE-2024-45577

Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information.

CVE-2025-21475

Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.

CVE-2024-49845

Memory corruption during the FRS UDS generation process.

CVE-2025-21470

Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.

CVE-2024-45564

Memory corruption during concurrent access to server info object due to incorrect reference count update.

CVE-2024-45541

Memory corruption when IOCTL call is invoked from user-space to read board data.

CVE-2024-45547

Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality.

CVE-2024-45562

Memory corruption during concurrent access to server info object due to unprotected critical field.

CVE-2024-45576

Memory corruption while prociesing command buffer buffer in OPE module.

CVE-2024-45578

Memory corruption while acquire and update IOCTLs during IFE output resource ID validation.

CVE-2024-49840

Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.

CVE-2024-49844

Memory corruption while triggering commands in the PlayReady Trusted application.

CVE-2025-21462

Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit.

CVE-2025-21469

Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.

CVE-2024-33041

Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,

CVE-2024-33059

Memory corruption while processing frame command IOCTL calls.

CVE-2024-38411

Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.

CVE-2024-43059

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.

CVE-2024-45546

Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.

CVE-2024-45554

Memory corruption during concurrent SSR execution due to race condition on the global maps list.

CVE-2024-45573

Memory corruption may occour while generating test pattern due to negative indexing of display ID.

CVE-2024-45561

Memory corruption while handling IOCTL call from user-space to set latency level.

CVE-2024-45570

Memory corruption may occur during IO configuration processing when the IO port count is invalid.

CVE-2024-49842

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.

CVE-2024-53034

Memory corruption occurs during an Escape call if an invalid Kernel Mode CPU event and sync object handle are passed with the DriverKnownEscape flag reset.