CVE-2024-38402

Memory corruption while processing IOCTL call for getting group info.

CVE-2023-43550

Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.

CVE-2024-45558

Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.

CVE-2025-21468

Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.

CVE-2025-21459

Transient DOS while parsing per STA profile in ML IE.

CVE-2023-33100

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.

CVE-2024-21475

Memory corruption when the payload received from firmware is not as per the expected protocol size.

CVE-2024-49833

Memory corruption can occur in the camera when an invalid CID is used.

CVE-2024-49834

Memory corruption while power-up or power-down sequence of the camera sensor.

CVE-2023-33101

Transient DOS while processing DL NAS TRANSPORT message with payload length 0.

CVE-2024-45582

Memory corruption while validating number of devices in Camera kernel .

CVE-2025-21453

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

CVE-2024-33052

Memory corruption when user provides data for FM HCI command control operations.

CVE-2024-33048

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

CVE-2024-45553

Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.

CVE-2023-33099

Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.

CVE-2024-23363

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.

CVE-2024-33057

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

CVE-2024-33054

Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.

CVE-2023-33086

Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.

CVE-2023-33095

Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.

CVE-2023-33103

Transient DOS while processing CAG info IE received from NW.

CVE-2023-33084

Transient DOS while processing IE fragments from server during DTLS handshake.

CVE-2023-43539

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.

CVE-2023-33096

Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.

CVE-2023-33104

Transient DOS while processing PDU Release command with a parameter PDU ID out of range.

CVE-2024-33041

Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,

CVE-2024-33059

Memory corruption while processing frame command IOCTL calls.

CVE-2024-38411

Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.

CVE-2024-33055

Memory corruption while invoking IOCTL calls to unmap the DMA buffers.

CVE-2023-43542

Memory corruption while copying a keyblobs material when the key materials size is not accurately checked.

CVE-2024-53023

Memory corruption may occur while accessing a variable during extended back to back tests.

CVE-2024-45584

Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.

CVE-2024-21477

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

CVE-2023-43529

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

CVE-2023-43537

Information disclosure while handling T2LM Action Frame in WLAN Host.

CVE-2025-21422

Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.

CVE-2025-21454

Transient DOS while processing received beacon frame.

CVE-2025-27061

Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.

CVE-2024-53009

Memory corruption while operating the mailbox in Automotive.

CVE-2025-21432

Memory corruption while retrieving the CBOR data from TA.

CVE-2025-21446

Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.

CVE-2025-21449

Transient DOS may occur while processing malformed length field in SSID IEs.

CVE-2025-27042

Memory corruption while processing video packets received from video firmware.

CVE-2025-27043

Memory corruption while processing manipulated payload in video firmware.

CVE-2025-27052

Memory corruption while processing data packets in diag received from Unix clients.

CVE-2025-27057

Transient DOS while handling beacon frames with invalid IE header length.