CVE-2023-33110

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

CVE-2022-33302

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

CVE-2023-33049

Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage.

CVE-2022-33296

Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message.

CVE-2023-33044

Transient DOS in Data modem while handling TLB control messages from the Network.

CVE-2022-40521

Transient DOS due to improper authorization in Modem

CVE-2023-33076

Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.

CVE-2022-33305

Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.

CVE-2023-33043

Transient DOS in Modem when a Beam switch request is made with a non-configured BWP.

CVE-2023-33057

Transient DOS in Multi-Mode Call Processor while processing UE policy container.

CVE-2023-24847

Transient DOS in Modem while allocating DSM items.

CVE-2022-40504

Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.

CVE-2022-34144

Transient DOS due to reachable assertion in Modem during OSI decode scheduling.

CVE-2023-33014

Information disclosure in Core services while processing a Diag command.

CVE-2022-33264

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

CVE-2022-40508

Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported.

CVE-2023-33060

Transient DOS in Core when DDR memory check is called while DDR is not initialized.

CVE-2022-22076

information disclosure due to cryptographic issue in Core during RPMB read request.

CVE-2022-40523

Information disclosure in Kernel due to indirect branch misprediction.

CVE-2022-40536

Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.

CVE-2023-33040

Transient DOS in Data Modem during DTLS handshake.

CVE-2023-33018

Memory corruption while using the UIM diag command to get the operators name.

CVE-2023-33046

Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.

CVE-2022-33251

Transient DOS due to reachable assertion in Modem because of invalid network configuration.

CVE-2022-33270

Transient DOS due to time-of-check time-of-use race condition in Modem while processing RRC Reconfiguration message.

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

CVE-2024-21465

Memory corruption while processing key blob passed by the user.

CVE-2023-33042

Transient DOS in Modem after RRC Setup message is received.

CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

CVE-2022-40538

Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network.

CVE-2023-28551

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

CVE-2023-33038

Memory corruption while receiving a message in Bus Socket Transport Server.

CVE-2024-21462

Transient DOS while loading the TA ELF file.

CVE-2024-23385

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.

CVE-2024-23352

Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.

CVE-2024-23353

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.