70 matches found
CVE-2024-45569
Memory corruption while parsing the ML IE due to invalid frame content.
CVE-2025-21424
Memory corruption while calling the NPU driver APIs concurrently.
CVE-2024-23373
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
CVE-2024-45558
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
CVE-2025-21468
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.
CVE-2024-21475
Memory corruption when the payload received from firmware is not as per the expected protocol size.
CVE-2024-53027
Transient DOS may occur while processing the country IE.
CVE-2024-38415
Memory corruption while handling session errors from firmware.
CVE-2024-38416
Information disclosure during audio playback.
CVE-2024-49838
Information disclosure while parsing the OCI IE with invalid length.
CVE-2024-49839
Memory corruption during management frame processing due to mismatch in T2LM info element.
CVE-2025-21453
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
CVE-2024-53024
Memory corruption in display driver while detaching a device.
CVE-2024-33050
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
CVE-2024-53014
Memory corruption may occur while validating ports and channels in Audio driver.
CVE-2024-33045
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
CVE-2024-33049
Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.
CVE-2024-33057
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
CVE-2024-38422
Memory corruption while processing voice packet with arbitrary data received from ADSP.
CVE-2024-49835
Memory corruption while reading secure file.
CVE-2024-21471
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.
CVE-2024-33069
Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.
CVE-2024-33036
Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.
CVE-2024-21465
Memory corruption while processing key blob passed by the user.
CVE-2024-33044
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
CVE-2024-38423
Memory corruption while processing GPU page table switch.
CVE-2024-33028
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
CVE-2024-49845
Memory corruption during the FRS UDS generation process.
CVE-2024-38405
Transient DOS while processing the CU information from RNR IE.
CVE-2024-45564
Memory corruption during concurrent access to server info object due to incorrect reference count update.
CVE-2024-21480
Memory corruption while playing audio file having large-sized input buffer.
CVE-2024-45562
Memory corruption during concurrent access to server info object due to unprotected critical field.
CVE-2024-49844
Memory corruption while triggering commands in the PlayReady Trusted application.
CVE-2024-45581
Memory corruption while sound model registration for voice activation with audio kernel driver.
CVE-2024-33056
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
CVE-2024-21461
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
CVE-2024-45570
Memory corruption may occur during IO configuration processing when the IO port count is invalid.
CVE-2024-43060
Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP.
CVE-2024-23369
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
CVE-2024-33067
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.
CVE-2023-43531
Memory corruption while verifying the serialized header when the key pairs are generated.
CVE-2024-21462
Transient DOS while loading the TA ELF file.
CVE-2024-21474
Memory corruption when size of buffer from previous call is used without validation or re-initialization.
CVE-2024-38417
Information disclosure while processing IO control commands.
CVE-2024-38418
Memory corruption while parsing the memory map info in IOCTL calls.
CVE-2024-43061
Memory corruption during voice activation, when sound model parameters are loaded from HLOS, and the received sound model list is empty in HLOS drive.
CVE-2024-33012
Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
CVE-2024-38414
Information disclosure while processing information on firmware image during core initialization.
CVE-2024-43051
Information disclosure while deriving keys for a session for any Widevine use case.
CVE-2024-33015
Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.