CVE-2024-21475

Memory corruption when the payload received from firmware is not as per the expected protocol size.

CVE-2023-33023

Memory corruption while processing finish_sign command to pass a rsp buffer.

CVE-2023-28547

Memory corruption in SPS Application while requesting for public key in sorter TA.

CVE-2023-33066

Memory corruption in Audio while processing RT proxy port register driver.

CVE-2023-28578

Memory corruption in Core Services while executing the command for removing a single event listener.

CVE-2023-43541

Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render.

CVE-2023-33086

Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.

CVE-2023-43551

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

CVE-2023-28565

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

CVE-2025-21475

Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.

CVE-2023-43540

Memory corruption while processing the IOCTL FM HCI WRITE request.

CVE-2024-33051

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

CVE-2024-21477

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

CVE-2023-43529

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

CVE-2025-21466

Memory corruption while processing a private escape command in an event trigger.

CVE-2025-27055

Memory corruption during the image encoding process.

CVE-2025-21449

Transient DOS may occur while processing malformed length field in SSID IEs.