CVE-2023-43547

Memory corruption while invoking IOCTLs calls in Automotive Multimedia.

CVE-2025-21468

Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.

CVE-2022-25724

Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CVE-2023-28541

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

CVE-2023-33087

Memory corruption in Core while processing RX intent request.

CVE-2025-21459

Transient DOS while parsing per STA profile in ML IE.

CVE-2023-28542

Memory Corruption in WLAN HOST while fetching TX status information.

CVE-2023-28572

Memory corruption in WLAN HOST while processing the WLAN scan descriptor list.

CVE-2023-28584

Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA).

CVE-2023-33113

Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.

CVE-2022-33214

Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVE-2023-21672

Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.

CVE-2023-22386

Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.

CVE-2023-33064

Transient DOS in Audio when invoking callback function of ASM driver.

CVE-2023-43514

Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.

CVE-2024-23380

Memory corruption while handling user packets during VBO bind operation.

CVE-2022-33231

Memory corruption due to double free in core while initializing the encryption key.

CVE-2023-24854

Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.

CVE-2024-21475

Memory corruption when the payload received from firmware is not as per the expected protocol size.

CVE-2024-23351

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.

CVE-2024-23368

Memory corruption when allocating and accessing an entry in an SMEM partition.

CVE-2024-23372

Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.

CVE-2024-53027

Transient DOS may occur while processing the country IE.

CVE-2024-38415

Memory corruption while handling session errors from firmware.

CVE-2022-25741

Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVE-2023-33065

Information disclosure in Audio while accessing AVCS services from ADSP payload.

CVE-2024-33042

Memory corruption when Alternative Frequency offset value is set to 255.

CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously.

CVE-2024-49838

Information disclosure while parsing the OCI IE with invalid length.

CVE-2024-49839

Memory corruption during management frame processing due to mismatch in T2LM info element.

CVE-2024-53024

Memory corruption in display driver while detaching a device.

CVE-2025-21453

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

CVE-2022-40514

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.

CVE-2024-33052

Memory corruption when user provides data for FM HCI command control operations.

CVE-2022-40532

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

CVE-2023-28575

The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.

CVE-2023-33028

Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.

CVE-2024-53014

Memory corruption may occur while validating ports and channels in Audio driver.

CVE-2024-21455

Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.

CVE-2024-33050

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

CVE-2024-38399

Memory corruption while processing user packets to generate page faults.

CVE-2024-45553

Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.

CVE-2022-40510

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

CVE-2022-40529

Memory corruption due to improper access control in kernel while processing a mapping request from root process.

CVE-2023-28563

Information disclosure in IOE Firmware while handling WMI command.

CVE-2024-21471

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

CVE-2023-33068

Memory corruption in Audio while processing IIR config data from AFE calibration block.

CVE-2024-33045

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

CVE-2024-33049

Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.

CVE-2024-33057

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.