CVE-2024-38402

Memory corruption while processing IOCTL call for getting group info.

CVE-2025-21467

Memory corruption while reading the FW response from the shared queue.

CVE-2024-45558

Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.

CVE-2025-21468

Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.

CVE-2023-33115

Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.

CVE-2024-49843

Memory corruption while processing IOCTL from user space to handle GPU AHB bus error.

CVE-2025-21459

Transient DOS while parsing per STA profile in ML IE.

CVE-2023-33100

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.

CVE-2024-21475

Memory corruption when the payload received from firmware is not as per the expected protocol size.

CVE-2024-49833

Memory corruption can occur in the camera when an invalid CID is used.

CVE-2024-45571

Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.

CVE-2024-49834

Memory corruption while power-up or power-down sequence of the camera sensor.

CVE-2023-33101

Transient DOS while processing DL NAS TRANSPORT message with payload length 0.

CVE-2024-45582

Memory corruption while validating number of devices in Camera kernel .

CVE-2025-21453

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

CVE-2024-33052

Memory corruption when user provides data for FM HCI command control operations.

CVE-2023-33105

Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.

CVE-2024-33048

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

CVE-2024-45553

Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.

CVE-2024-49832

Memory corruption in Camera due to unusually high number of nodes passed to AXI port.

CVE-2023-33099

Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.

CVE-2024-23363

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.

CVE-2024-33057

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

CVE-2024-49835

Memory corruption while reading secure file.

CVE-2024-33054

Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.

CVE-2023-33086

Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.

CVE-2023-33095

Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.

CVE-2023-33103

Transient DOS while processing CAG info IE received from NW.

CVE-2023-33084

Transient DOS while processing IE fragments from server during DTLS handshake.

CVE-2023-43539

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.

CVE-2023-33096

Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.

CVE-2023-33104

Transient DOS while processing PDU Release command with a parameter PDU ID out of range.

CVE-2024-49845

Memory corruption during the FRS UDS generation process.

CVE-2024-49847

Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.

CVE-2024-49844

Memory corruption while triggering commands in the PlayReady Trusted application.

CVE-2024-33041

Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,

CVE-2024-33059

Memory corruption while processing frame command IOCTL calls.

CVE-2024-38411

Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.

CVE-2024-38413

Memory corruption while processing frame packets.

CVE-2024-49842

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.

CVE-2024-33055

Memory corruption while invoking IOCTL calls to unmap the DMA buffers.

CVE-2024-49841

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.

CVE-2024-38412

Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.

CVE-2024-38404

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.

CVE-2024-45584

Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.

CVE-2024-21477

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

CVE-2023-43530

Memory corruption in HLOS while checking for the storage type.

CVE-2024-45583

Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations.

CVE-2023-43529

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

CVE-2025-21422

Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.