CVE-2023-43513

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.

CVE-2023-33120

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

CVE-2024-23373

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

CVE-2024-43052

Memory corruption while processing API calls to NPU with invalid input.

CVE-2024-23368

Memory corruption when allocating and accessing an entry in an SMEM partition.

CVE-2024-38422

Memory corruption while processing voice packet with arbitrary data received from ADSP.

CVE-2024-33043

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

CVE-2024-38423

Memory corruption while processing GPU page table switch.

CVE-2023-33033

Memory corruption in Audio during playback with speaker protection.

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CVE-2024-33027

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.

CVE-2024-33056

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

CVE-2024-23385

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.

CVE-2024-23353

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.