CVE-2024-43047

Memory corruption while maintaining memory maps of HLOS memory.

CVE-2024-38399

Memory corruption while processing user packets to generate page faults.

CVE-2024-33069

Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.

CVE-2024-38397

Transient DOS while parsing probe response and assoc response frame.

CVE-2024-23374

Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file.

CVE-2024-23369

Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.

CVE-2024-33073

Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

CVE-2024-23376

Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call.

CVE-2024-33065

Memory corruption while taking snapshot when an offset variable is set by camera driver.

CVE-2024-38425

Information disclosure while sending implicit broadcast containing APP launch information.

CVE-2024-23379

Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario.