39 matches found
CVE-2023-43513
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.
CVE-2024-38402
Memory corruption while processing IOCTL call for getting group info.
CVE-2023-43550
Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.
CVE-2023-43546
Memory corruption while invoking HGSL IOCTL context create.
CVE-2023-33115
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
CVE-2023-43547
Memory corruption while invoking IOCTLs calls in Automotive Multimedia.
CVE-2023-33113
Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
CVE-2023-33072
Memory corruption in Core while processing control functions.
CVE-2023-43514
Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.
CVE-2024-21475
Memory corruption when the payload received from firmware is not as per the expected protocol size.
CVE-2024-23368
Memory corruption when allocating and accessing an entry in an SMEM partition.
CVE-2023-33023
Memory corruption while processing finish_sign command to pass a rsp buffer.
CVE-2024-33060
Memory corruption when two threads try to map and unmap a single node simultaneously.
CVE-2023-33076
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
CVE-2023-28547
Memory corruption in SPS Application while requesting for public key in sorter TA.
CVE-2023-28578
Memory corruption in Core Services while executing the command for removing a single event listener.
CVE-2023-33085
Memory corruption in wearables while processing data from AON.
CVE-2024-33045
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
CVE-2024-21465
Memory corruption while processing key blob passed by the user.
CVE-2024-33044
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
CVE-2024-33028
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
CVE-2024-21469
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
CVE-2023-33112
Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.
CVE-2024-33056
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
CVE-2023-33119
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
CVE-2024-21461
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
CVE-2023-43542
Memory corruption while copying a keyblobs material when the key materials size is not accurately checked.
CVE-2024-23369
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
CVE-2023-43531
Memory corruption while verifying the serialized header when the key pairs are generated.
CVE-2023-43538
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
CVE-2024-21462
Transient DOS while loading the TA ELF file.
CVE-2023-43530
Memory corruption in HLOS while checking for the storage type.
CVE-2024-38419
Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.
CVE-2024-33022
Memory corruption while allocating memory in HGSL driver.
CVE-2024-23357
Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.
CVE-2024-21481
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
CVE-2024-23355
Memory corruption when keymaster operation imports a shared key.
CVE-2024-23356
Memory corruption during session sign renewal request calls in HLOS.
CVE-2024-33021
Memory corruption while processing IOCTL call to set metainfo.