CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously.

CVE-2024-49838

Information disclosure while parsing the OCI IE with invalid length.

CVE-2024-49839

Memory corruption during management frame processing due to mismatch in T2LM info element.

CVE-2024-33048

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

CVE-2025-21453

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

CVE-2024-33050

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

CVE-2024-33052

Memory corruption when user provides data for FM HCI command control operations.

CVE-2024-53024

Memory corruption in display driver while detaching a device.

CVE-2024-53014

Memory corruption may occur while validating ports and channels in Audio driver.

CVE-2024-21471

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

CVE-2024-45553

Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.

CVE-2024-33045

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

CVE-2023-22388

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

CVE-2024-33038

Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.

CVE-2024-33057

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

CVE-2024-38422

Memory corruption while processing voice packet with arbitrary data received from ADSP.

CVE-2024-33043

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

CVE-2024-33054

Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.

CVE-2024-43052

Memory corruption while processing API calls to NPU with invalid input.

CVE-2023-21631

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.

CVE-2023-33028

Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.

CVE-2022-40529

Memory corruption due to improper access control in kernel while processing a mapping request from root process.

CVE-2024-38405

Transient DOS while processing the CU information from RNR IE.

CVE-2023-24855

Memory corruption in Modem while processing security related configuration before AS Security Exchange.

CVE-2024-33028

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.

CVE-2023-24849

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

CVE-2023-33058

Information disclosure in Modem while processing SIB5.

CVE-2024-23384

Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.

CVE-2024-33013

Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.

CVE-2024-33026

Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.

CVE-2023-33049

Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage.

CVE-2023-33072

Memory corruption in Core while processing control functions.

CVE-2023-21673

Improper Access to the VM resource manager can lead to Memory Corruption.

CVE-2023-28556

Cryptographic issue in HLOS during key management.

CVE-2024-33034

Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.

CVE-2023-33023

Memory corruption while processing finish_sign command to pass a rsp buffer.

CVE-2023-33044

Transient DOS in Data modem while handling TLB control messages from the Network.

CVE-2023-33100

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.

CVE-2023-43533

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

CVE-2023-21629

Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn ies.

CVE-2023-33036

Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.

CVE-2023-33037

Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.

CVE-2023-43536

Transient DOS while parse fils IE with length equal to 1.

CVE-2024-23382

Memory corruption while processing graphics kernel driver request to create DMA fence.

CVE-2022-40521

Transient DOS due to improper authorization in Modem

CVE-2023-24847

Transient DOS in Modem while allocating DSM items.

CVE-2023-33043

Transient DOS in Modem when a Beam switch request is made with a non-configured BWP.

CVE-2023-33057

Transient DOS in Multi-Mode Call Processor while processing UE policy container.

CVE-2023-33101

Transient DOS while processing DL NAS TRANSPORT message with payload length 0.