48 matches found
CVE-2024-43048
Memory corruption when invalid input is passed to invoke GPU Headroom API call.
CVE-2023-43513
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.
CVE-2024-21468
Memory corruption when there is failed unmap operation in GPU.
CVE-2023-33120
Memory corruption in Audio when memory map command is executed consecutively in ADSP.
CVE-2024-43052
Memory corruption while processing API calls to NPU with invalid input.
CVE-2024-33063
Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.
CVE-2023-33064
Transient DOS in Audio when invoking callback function of ASM driver.
CVE-2023-33065
Information disclosure in Audio while accessing AVCS services from ADSP payload.
CVE-2024-23368
Memory corruption when allocating and accessing an entry in an SMEM partition.
CVE-2023-33023
Memory corruption while processing finish_sign command to pass a rsp buffer.
CVE-2024-33060
Memory corruption when two threads try to map and unmap a single node simultaneously.
CVE-2024-23386
memory corruption when WiFi display APIs are invoked with large random inputs.
CVE-2024-33042
Memory corruption when Alternative Frequency offset value is set to 255.
CVE-2023-28547
Memory corruption in SPS Application while requesting for public key in sorter TA.
CVE-2023-33068
Memory corruption in Audio while processing IIR config data from AFE calibration block.
CVE-2024-33052
Memory corruption when user provides data for FM HCI command control operations.
CVE-2023-33066
Memory corruption in Audio while processing RT proxy port register driver.
CVE-2024-33048
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
CVE-2023-33067
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
CVE-2023-33033
Memory corruption in Audio during playback with speaker protection.
CVE-2023-33069
Memory corruption in Audio while processing the calibration data returned from ACDB loader.
CVE-2024-38422
Memory corruption while processing voice packet with arbitrary data received from ADSP.
CVE-2024-33043
Transient DOS while handling PS event when Program Service name length offset value is set to 255.
CVE-2023-43551
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.
CVE-2024-33054
Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.
CVE-2023-33030
Memory corruption in HLOS while running playready use-case.
CVE-2024-33044
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
CVE-2024-38423
Memory corruption while processing GPU page table switch.
CVE-2024-43049
Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.
CVE-2024-43053
Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information.
CVE-2024-33056
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
CVE-2024-21461
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
CVE-2024-38410
Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.
CVE-2023-43527
Information disclosure while parsing dts header atom in Video.
CVE-2023-43528
Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.
CVE-2024-38406
Memory corruption while handling IOCTL calls in JPEG Encoder driver.
CVE-2024-43050
Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.
CVE-2024-33027
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
CVE-2024-33031
Memory corruption while processing the update SIM PB records request.
CVE-2024-33047
Memory corruption when the captureRead QDCM command is invoked from user-space.
CVE-2024-23385
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.
CVE-2024-38407
Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.
CVE-2024-38424
Memory corruption during GNSS HAL process initialization.
CVE-2024-33068
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
CVE-2024-38403
Transient DOS while parsing BTM ML IE when per STA profile is not included.
CVE-2024-38409
Memory corruption while station LL statistic handling.
CVE-2024-23357
Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.
CVE-2024-23353
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.