384 matches found
CVE-2024-49847
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.
CVE-2023-28548
Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.
CVE-2024-38405
Transient DOS while processing the CU information from RNR IE.
CVE-2024-43053
Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information.
CVE-2023-28586
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
CVE-2023-43525
Memory corruption while copying the sound model data from user to kernel buffer during sound model register.
CVE-2023-43535
Memory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event trigger.
CVE-2024-21469
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
CVE-2025-21470
Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.
CVE-2023-21638
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization.
CVE-2023-28546
Memory Corruption in SPS Application while exporting public key in sorter TA.
CVE-2023-28579
Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length.
CVE-2023-33112
Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.
CVE-2023-43524
Memory corruption when the bandpass filter order received from AHAL is not within the expected range.
CVE-2023-43532
Memory corruption while reading ACPI config through the user mode app.
CVE-2024-21456
Information Disclosure while parsing beacon frame in STA.
CVE-2024-21457
INformation disclosure while handling Multi-link IE in beacon frame.
CVE-2024-23384
Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.
CVE-2024-38397
Transient DOS while parsing probe response and assoc response frame.
CVE-2024-45564
Memory corruption during concurrent access to server info object due to incorrect reference count update.
CVE-2023-28551
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
CVE-2023-28580
Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache.
CVE-2024-21480
Memory corruption while playing audio file having large-sized input buffer.
CVE-2024-45541
Memory corruption when IOCTL call is invoked from user-space to read board data.
CVE-2024-45547
Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality.
CVE-2024-45562
Memory corruption during concurrent access to server info object due to unprotected critical field.
CVE-2024-45576
Memory corruption while prociesing command buffer buffer in OPE module.
CVE-2024-45578
Memory corruption while acquire and update IOCTLs during IFE output resource ID validation.
CVE-2024-49840
Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.
CVE-2024-49844
Memory corruption while triggering commands in the PlayReady Trusted application.
CVE-2024-49846
Memory corruption while decoding of OTA messages from T3448 IE.
CVE-2025-21462
Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit.
CVE-2025-21469
Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.
CVE-2023-33016
Transient DOS in WLAN firmware while parsing MLO (multi-link operation).
CVE-2023-33038
Memory corruption while receiving a message in Bus Socket Transport Server.
CVE-2023-43554
Memory corruption while processing IOCTL handler in FastRPC.
CVE-2024-33040
Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.
CVE-2024-33041
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,
CVE-2024-33059
Memory corruption while processing frame command IOCTL calls.
CVE-2024-38411
Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.
CVE-2024-43059
Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.
CVE-2023-33089
Transient DOS when processing a NULL buffer while parsing WLAN vdev.
CVE-2024-23383
Memory corruption when kernel driver attempts to trigger hardware fences.
CVE-2024-33056
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
CVE-2024-45546
Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.
CVE-2024-45554
Memory corruption during concurrent SSR execution due to race condition on the global maps list.
CVE-2024-45573
Memory corruption may occour while generating test pattern due to negative indexing of display ID.
CVE-2023-33119
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
CVE-2024-21461
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
CVE-2024-21476
Memory corruption when the channel ID passed by user is not validated and further used.