CVE-2024-43047

Memory corruption while maintaining memory maps of HLOS memory.

CVE-2024-38402

Memory corruption while processing IOCTL call for getting group info.

CVE-2025-21467

Memory corruption while reading the FW response from the shared queue.

CVE-2023-43550

Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.

CVE-2025-21468

Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.

CVE-2023-33115

Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.

CVE-2024-21475

Memory corruption when the payload received from firmware is not as per the expected protocol size.

CVE-2023-33100

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.

CVE-2024-49833

Memory corruption can occur in the camera when an invalid CID is used.

CVE-2024-49834

Memory corruption while power-up or power-down sequence of the camera sensor.

CVE-2024-45582

Memory corruption while validating number of devices in Camera kernel .

CVE-2025-21453

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

CVE-2023-33101

Transient DOS while processing DL NAS TRANSPORT message with payload length 0.

CVE-2024-33052

Memory corruption when user provides data for FM HCI command control operations.

CVE-2023-43521

Memory corruption when multiple listeners are being registered with the same file descriptor.

CVE-2024-45553

Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.

CVE-2024-49832

Memory corruption in Camera due to unusually high number of nodes passed to AXI port.

CVE-2023-33099

Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.

CVE-2024-23363

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.

CVE-2024-49835

Memory corruption while reading secure file.

CVE-2023-33086

Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.

CVE-2023-33095

Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.

CVE-2024-45577

Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information.

CVE-2023-43539

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.

CVE-2023-33096

Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.

CVE-2023-33104

Transient DOS while processing PDU Release command with a parameter PDU ID out of range.

CVE-2023-43515

Memory corruption in HLOS while running kernel address sanitizers (syzkaller) on tmecom with DEBUG_FS enabled.

CVE-2024-49845

Memory corruption during the FRS UDS generation process.

CVE-2024-45564

Memory corruption during concurrent access to server info object due to incorrect reference count update.

CVE-2024-45562

Memory corruption during concurrent access to server info object due to unprotected critical field.

CVE-2024-45576

Memory corruption while prociesing command buffer buffer in OPE module.

CVE-2024-45578

Memory corruption while acquire and update IOCTLs during IFE output resource ID validation.

CVE-2024-49844

Memory corruption while triggering commands in the PlayReady Trusted application.

CVE-2024-45554

Memory corruption during concurrent SSR execution due to race condition on the global maps list.

CVE-2024-45570

Memory corruption may occur during IO configuration processing when the IO port count is invalid.

CVE-2024-49842

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.

CVE-2024-45566

Memory corruption during concurrent buffer access due to modification of the reference count.

CVE-2024-49841

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.

CVE-2023-43542

Memory corruption while copying a keyblobs material when the key materials size is not accurately checked.

CVE-2024-45575

Memory corruption Camera kernel when large number of devices are attached through userspace.

CVE-2024-49829

Memory corruption can occur during context user dumps due to inadequate checks on buffer length.

CVE-2024-38418

Memory corruption while parsing the memory map info in IOCTL calls.

CVE-2024-21477

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

CVE-2023-43530

Memory corruption in HLOS while checking for the storage type.

CVE-2024-45563

Memory corruption while handling schedule request in Camera Request Manager(CRM) due to invalid link count in the corresponding session.

CVE-2024-45567

Memory corruption while encoding JPEG format.

CVE-2024-45579

Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check.

CVE-2023-43529

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

CVE-2025-21422

Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.

CVE-2025-21454

Transient DOS while processing received beacon frame.