192 matches found
CVE-2022-40503
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
CVE-2022-33269
Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.
CVE-2022-33298
Memory corruption due to use after free in Modem while modem initialization.
CVE-2023-33106
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
CVE-2023-33063
Memory corruption in DSP Services during a remote call from HLOS to DSP.
CVE-2023-33107
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
CVE-2025-21479
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
CVE-2025-21480
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
CVE-2023-21657
Memoru corruption in Audio when ADSP sends input during record use case.
CVE-2023-21670
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
CVE-2023-21656
Memory corruption in WLAN HOST while receiving an WMI event from firmware.
CVE-2023-21666
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
CVE-2023-21669
Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address.
CVE-2023-33120
Memory corruption in Audio when memory map command is executed consecutively in ADSP.
CVE-2023-43513
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.
CVE-2023-28588
Transient DOS in Bluetooth Host while rfc slot allocation.
CVE-2023-28553
Information Disclosure in WLAN Host when processing WMI event command.
CVE-2023-21665
Memory corruption in Graphics while importing a file.
CVE-2023-33079
Memory corruption in Audio while running invalid audio recording from ADSP.
CVE-2023-33031
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.
CVE-2023-33059
Memory corruption in Audio while processing the VOC packet data from ADSP.
CVE-2023-33094
Memory corruption while running VK synchronization with KASAN enabled.
CVE-2023-33117
Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.
CVE-2023-33055
Memory Corruption in Audio while invoking callback function in driver from ADSP.
CVE-2023-33110
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.
CVE-2024-23373
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
CVE-2023-33035
Memory corruption while invoking callback function of AFE from ADSP.
CVE-2023-33114
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.
CVE-2023-28572
Memory corruption in WLAN HOST while processing the WLAN scan descriptor list.
CVE-2023-33092
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
CVE-2023-33064
Transient DOS in Audio when invoking callback function of ASM driver.
CVE-2022-33231
Memory corruption due to double free in core while initializing the encryption key.
CVE-2024-23368
Memory corruption when allocating and accessing an entry in an SMEM partition.
CVE-2023-22388
Memory Corruption in Multi-mode Call Processor while processing bit mask API.
CVE-2023-33065
Information disclosure in Audio while accessing AVCS services from ADSP payload.
CVE-2024-33060
Memory corruption when two threads try to map and unmap a single node simultaneously.
CVE-2024-38415
Memory corruption while handling session errors from firmware.
CVE-2024-33042
Memory corruption when Alternative Frequency offset value is set to 255.
CVE-2024-43052
Memory corruption while processing API calls to NPU with invalid input.
CVE-2022-40532
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
CVE-2023-21628
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
CVE-2024-33048
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
CVE-2024-33052
Memory corruption when user provides data for FM HCI command control operations.
CVE-2023-33028
Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.
CVE-2022-40529
Memory corruption due to improper access control in kernel while processing a mapping request from root process.
CVE-2023-28563
Information disclosure in IOE Firmware while handling WMI command.
CVE-2023-33068
Memory corruption in Audio while processing IIR config data from AFE calibration block.
CVE-2024-38422
Memory corruption while processing voice packet with arbitrary data received from ADSP.
CVE-2023-24849
Information Disclosure in data Modem while parsing an FMTP line in an SDP message.
CVE-2023-28537
Memory corruption while allocating memory in COmxApeDec module in Audio.