CVE-2023-43513

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.

CVE-2024-23368

Memory corruption when allocating and accessing an entry in an SMEM partition.

CVE-2024-21473

Memory corruption while redirecting log file to any file location with any file name.

CVE-2023-43536

Transient DOS while parse fils IE with length equal to 1.

CVE-2023-33105

Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next header.

CVE-2023-28578

Memory corruption in Core Services while executing the command for removing a single event listener.

CVE-2023-33109

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

CVE-2023-43523

Transient DOS while processing 11AZ RTT management action frame received through OTA.

CVE-2023-33032

Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CVE-2023-33062

Transient DOS in WLAN Firmware while parsing a BTM request.

CVE-2023-43522

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

CVE-2024-33056

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

CVE-2024-21462

Transient DOS while loading the TA ELF file.

CVE-2024-33014

Transient DOS while parsing ESP IE from beacon/probe response frame.