CVE-2024-49845

Memory corruption during the FRS UDS generation process.

CVE-2024-49847

Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.

CVE-2023-28546

Memory Corruption in SPS Application while exporting public key in sorter TA.

CVE-2023-33089

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

CVE-2023-43545

Memory corruption when more scan frequency list or channels are sent from the user space.

CVE-2024-38397

Transient DOS while parsing probe response and assoc response frame.

CVE-2023-28551

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

CVE-2024-49844

Memory corruption while triggering commands in the PlayReady Trusted application.

CVE-2023-43537

Information disclosure while handling T2LM Action Frame in WLAN Host.

CVE-2023-43544

Memory corruption when IPC callback handle is used after it has been released during register callback by another thread.

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

CVE-2024-33051

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

CVE-2024-49842

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.

CVE-2024-38401

Memory corruption while processing concurrent IOCTL calls.

CVE-2024-49841

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.

CVE-2023-43542

Memory corruption while copying a keyblobs material when the key materials size is not accurately checked.

CVE-2024-23369

Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.

CVE-2024-53023

Memory corruption may occur while accessing a variable during extended back to back tests.

CVE-2024-43060

Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP.

CVE-2024-45584

Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.

CVE-2023-43530

Memory corruption in HLOS while checking for the storage type.

CVE-2024-21462

Transient DOS while loading the TA ELF file.

CVE-2024-38404

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.

CVE-2024-21477

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

CVE-2024-43057

Memory corruption while processing command in Glink linux.

CVE-2024-38419

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.

CVE-2024-21459

Information disclosure while handling beacon or probe response frame in STA.

CVE-2024-23385

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.

CVE-2023-43529

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

CVE-2024-38424

Memory corruption during GNSS HAL process initialization.

CVE-2024-33068

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

CVE-2024-38403

Transient DOS while parsing BTM ML IE when per STA profile is not included.

CVE-2024-45557

Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation.

CVE-2024-23352

Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.

CVE-2025-27057

Transient DOS while handling beacon frames with invalid IE header length.

CVE-2025-27061

Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.

CVE-2024-23356

Memory corruption during session sign renewal request calls in HLOS.

CVE-2025-27042

Memory corruption while processing video packets received from video firmware.

CVE-2025-27043

Memory corruption while processing manipulated payload in video firmware.

CVE-2024-23355

Memory corruption when keymaster operation imports a shared key.

CVE-2024-21479

Transient DOS during music playback of ALAC content.

CVE-2024-23353

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

CVE-2025-21422

Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.

CVE-2025-27052

Memory corruption while processing data packets in diag received from Unix clients.

CVE-2024-53009

Memory corruption while operating the mailbox in Automotive.

CVE-2025-21432

Memory corruption while retrieving the CBOR data from TA.

CVE-2025-21446

Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.

CVE-2025-21456

Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.

CVE-2025-27065

Transient DOS while processing a frame with malformed shared-key descriptor.