CVE-2023-22383

Memory Corruption in camera while installing a fd for a particular DMA buffer.

CVE-2023-28546

Memory Corruption in SPS Application while exporting public key in sorter TA.

CVE-2024-45564

Memory corruption during concurrent access to server info object due to incorrect reference count update.

CVE-2023-28551

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

CVE-2024-45562

Memory corruption during concurrent access to server info object due to unprotected critical field.

CVE-2023-33022

Memory corruption in HLOS while invoking IOCTL calls from user-space.

CVE-2023-33038

Memory corruption while receiving a message in Bus Socket Transport Server.

CVE-2024-33040

Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

CVE-2023-33089

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

CVE-2024-33056

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

CVE-2024-45570

Memory corruption may occur during IO configuration processing when the IO port count is invalid.

CVE-2024-45566

Memory corruption during concurrent buffer access due to modification of the reference count.

CVE-2024-23369

Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.

CVE-2024-21462

Transient DOS while loading the TA ELF file.

CVE-2024-33027

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.

CVE-2024-33020

Transient DOS while processing TID-to-link mapping IE elements.

CVE-2024-33014

Transient DOS while parsing ESP IE from beacon/probe response frame.

CVE-2024-33024

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.

CVE-2024-33037

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.

CVE-2024-38408

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

CVE-2024-33025

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

CVE-2024-33053

Memory corruption when multiple threads try to unregister the CVP buffer at the same time.

CVE-2024-33032

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.

CVE-2024-23357

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

CVE-2024-23352

Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.

CVE-2024-21467

Information disclosure while handling beacon probe frame during scan entry generation in client side.

CVE-2024-21459

Information disclosure while handling beacon or probe response frame in STA.

CVE-2024-21481

Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.

CVE-2024-23355

Memory corruption when keymaster operation imports a shared key.

CVE-2024-23356

Memory corruption during session sign renewal request calls in HLOS.

CVE-2024-21479

Transient DOS during music playback of ALAC content.

CVE-2024-23353

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.