CVE-2024-33013

Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.

CVE-2022-40507

Memory corruption due to double free in Core while mapping HLOS address to the list.

CVE-2023-21658

Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.

CVE-2023-28578

Memory corruption in Core Services while executing the command for removing a single event listener.

CVE-2023-28585

Memory corruption while loading an ELF segment in TEE Kernel.

CVE-2023-33026

Transient DOS in WLAN Firmware while parsing a NAN management frame.

CVE-2023-33085

Memory corruption in wearables while processing data from AON.

CVE-2024-33026

Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.

CVE-2023-33014

Information disclosure in Core services while processing a Diag command.

CVE-2023-24852

Memory Corruption in Core due to secure memory access by user while loading modem image.

CVE-2023-24853

Memory Corruption in HLOS while registering for key provisioning notify.

CVE-2023-33109

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

CVE-2023-43549

Memory corruption while processing TPC target power table in FTM TPC.

CVE-2024-33034

Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.

CVE-2022-22076

information disclosure due to cryptographic issue in Core during RPMB read request.

CVE-2022-40523

Information disclosure in Kernel due to indirect branch misprediction.

CVE-2023-21659

Transient DOS in WLAN Firmware while processing frames with missing header fields.

CVE-2023-33081

Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.

CVE-2024-23363

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.

CVE-2024-23382

Memory corruption while processing graphics kernel driver request to create DMA fence.

CVE-2022-33224

Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries.

CVE-2022-33307

Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.

CVE-2023-24850

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.

CVE-2023-28545

Memory corruption in TZ Secure OS while loading an app ELF.

CVE-2023-33118

Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.

CVE-2023-43523

Transient DOS while processing 11AZ RTT management action frame received through OTA.

CVE-2024-33023

Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.

CVE-2024-49835

Memory corruption while reading secure file.

CVE-2022-33263

Memory corruption due to use after free in Core when multiple DCI clients register and deregister.

CVE-2023-33048

Transient DOS in WLAN Firmware while parsing t2lm buffers.

CVE-2023-33062

Transient DOS in WLAN Firmware while parsing a BTM request.

CVE-2024-33012

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.

CVE-2024-33015

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

CVE-2023-33041

Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.

CVE-2024-33014

Transient DOS while parsing ESP IE from beacon/probe response frame.

CVE-2024-33020

Transient DOS while processing TID-to-link mapping IE elements.

CVE-2024-33024

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CVE-2023-33061

Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame.

CVE-2023-33097

Transient DOS in WLAN Firmware while processing a FTMR frame.

CVE-2024-33010

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

CVE-2024-33011

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.

CVE-2024-33018

Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.

CVE-2024-33025

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

CVE-2023-33047

Transient DOS in WLAN Firmware while parsing no-inherit IES.

CVE-2023-33098

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

CVE-2023-43522

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

CVE-2024-33019

Transient DOS while parsing the received TID-to-link mapping action frame.

CVE-2023-21624

Information disclosure in DSP Services while loading dynamic module.