104 matches found
CVE-2023-33063
Memory corruption in DSP Services during a remote call from HLOS to DSP.
CVE-2025-21424
Memory corruption while calling the NPU driver APIs concurrently.
CVE-2023-28588
Transient DOS in Bluetooth Host while rfc slot allocation.
CVE-2024-38402
Memory corruption while processing IOCTL call for getting group info.
CVE-2025-21467
Memory corruption while reading the FW response from the shared queue.
CVE-2023-33079
Memory corruption in Audio while running invalid audio recording from ADSP.
CVE-2024-45558
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
CVE-2025-21468
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.
CVE-2023-33087
Memory corruption in Core while processing RX intent request.
CVE-2025-21459
Transient DOS while parsing per STA profile in ML IE.
CVE-2024-21475
Memory corruption when the payload received from firmware is not as per the expected protocol size.
CVE-2024-23368
Memory corruption when allocating and accessing an entry in an SMEM partition.
CVE-2024-53027
Transient DOS may occur while processing the country IE.
CVE-2024-38415
Memory corruption while handling session errors from firmware.
CVE-2024-33042
Memory corruption when Alternative Frequency offset value is set to 255.
CVE-2024-45571
Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
CVE-2024-49834
Memory corruption while power-up or power-down sequence of the camera sensor.
CVE-2024-53024
Memory corruption in display driver while detaching a device.
CVE-2025-21453
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
CVE-2024-33048
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
CVE-2024-33052
Memory corruption when user provides data for FM HCI command control operations.
CVE-2024-53014
Memory corruption may occur while validating ports and channels in Audio driver.
CVE-2024-33050
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
CVE-2024-33057
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
CVE-2024-38422
Memory corruption while processing voice packet with arbitrary data received from ADSP.
CVE-2023-33115
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
CVE-2024-33038
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
CVE-2024-33054
Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.
CVE-2023-33101
Transient DOS while processing DL NAS TRANSPORT message with payload length 0.
CVE-2024-38405
Transient DOS while processing the CU information from RNR IE.
CVE-2023-33099
Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.
CVE-2023-33018
Memory corruption while using the UIM diag command to get the operators name.
CVE-2024-33013
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
CVE-2024-33026
Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.
CVE-2024-49835
Memory corruption while reading secure file.
CVE-2023-28550
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
CVE-2023-33098
Transient DOS while parsing WPA IES, when it is passed with length more than expected size.
CVE-2024-33012
Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
CVE-2024-33015
Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.
CVE-2025-21475
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
CVE-2023-28587
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
CVE-2024-21465
Memory corruption while processing key blob passed by the user.
CVE-2024-33020
Transient DOS while processing TID-to-link mapping IE elements.
CVE-2023-33017
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
CVE-2024-33010
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
CVE-2024-33014
Transient DOS while parsing ESP IE from beacon/probe response frame.
CVE-2024-33024
Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.
CVE-2024-33011
Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
CVE-2024-33018
Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.
CVE-2024-33019
Transient DOS while parsing the received TID-to-link mapping action frame.