CVE-2023-28576

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to ou...

CVE-2023-33086

Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.

CVE-2023-43551

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

CVE-2024-33038

Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.

CVE-2024-33054

Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.

CVE-2024-38421

Memory corruption while processing GPU commands.

CVE-2023-28545

Memory corruption in TZ Secure OS while loading an app ELF.

CVE-2023-28549

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.

CVE-2023-28558

Memory corruption in WLAN handler while processing PhyID in Tx status handler.

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CVE-2023-33046

Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.

CVE-2023-33062

Transient DOS in WLAN Firmware while parsing a BTM request.

CVE-2023-33095

Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.

CVE-2023-33097

Transient DOS in WLAN Firmware while processing a FTMR frame.

CVE-2023-33103

Transient DOS while processing CAG info IE received from NW.

CVE-2023-33118

Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.

CVE-2024-21470

Memory corruption while allocating memory for graphics.

CVE-2024-33036

Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.

CVE-2023-22385

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

CVE-2023-24844

Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

CVE-2023-33077

Memory corruption in HLOS while converting from authorization token to HIDL vector.

CVE-2023-33078

Information Disclosure while processing IOCTL request in FastRPC.

CVE-2023-33084

Transient DOS while processing IE fragments from server during DTLS handshake.

CVE-2024-21458

Information disclosure while handling SA query action frame.

CVE-2024-45577

Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information.

CVE-2023-21640

Memory corruption in Linux when the file upload API is called with parameters having large buffer.

CVE-2023-28557

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

CVE-2023-43539

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.

CVE-2024-21465

Memory corruption while processing key blob passed by the user.

CVE-2024-33044

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

CVE-2023-33096

Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.

CVE-2023-33098

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

CVE-2023-33104

Transient DOS while processing PDU Release command with a parameter PDU ID out of range.

CVE-2023-43522

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

CVE-2023-43556

Memory corruption in Hypervisor when platform information mentioned is not aligned.

CVE-2025-21475

Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.

CVE-2023-21641

An app with non-privileged access can change global system brightness and cause undesired system behavior.

CVE-2023-22668

Memory Corruption in Audio while invoking IOCTLs calls from the user-space.

CVE-2023-28587

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.

CVE-2023-33015

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

CVE-2023-43515

Memory corruption in HLOS while running kernel address sanitizers (syzkaller) on tmecom with DEBUG_FS enabled.

CVE-2024-21466

Information disclosure while parsing sub-IE length during new IE generation.

CVE-2023-28539

Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.

CVE-2023-28573

Memory corruption in WLAN HAL while parsing WMI command parameters.

CVE-2023-33088

Memory corruption when processing cmd parameters while parsing vdev.

CVE-2023-43540

Memory corruption while processing the IOCTL FM HCI WRITE request.

CVE-2024-33028

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.

CVE-2024-43049

Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.

CVE-2024-49845

Memory corruption during the FRS UDS generation process.