CVE-2024-43047

Memory corruption while maintaining memory maps of HLOS memory.

CVE-2023-28581

Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE.

CVE-2025-21424

Memory corruption while calling the NPU driver APIs concurrently.

CVE-2024-21468

Memory corruption when there is failed unmap operation in GPU.

CVE-2025-21467

Memory corruption while reading the FW response from the shared queue.

CVE-2023-21631

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.

CVE-2023-33021

Memory corruption in Graphics while processing user packets for command submission.

CVE-2023-33111

Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command.

CVE-2023-22387

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.

CVE-2023-24851

Memory Corruption in WLAN HOST while parsing QMI response message from firmware.

CVE-2023-33115

Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.

CVE-2023-28541

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

CVE-2023-28542

Memory Corruption in WLAN HOST while fetching TX status information.

CVE-2023-28577

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.

CVE-2023-22386

Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.

CVE-2023-21672

Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.

CVE-2024-21475

Memory corruption when the payload received from firmware is not as per the expected protocol size.

CVE-2023-24854

Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.

CVE-2023-33023

Memory corruption while processing finish_sign command to pass a rsp buffer.

CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously.

CVE-2024-53027

Transient DOS may occur while processing the country IE.

CVE-2023-21629

Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.

CVE-2024-21463

Memory corruption while processing Codec2 during v13k decoder pitch synthesis.

CVE-2023-33101

Transient DOS while processing DL NAS TRANSPORT message with payload length 0.

CVE-2024-33042

Memory corruption when Alternative Frequency offset value is set to 255.

CVE-2024-49838

Information disclosure while parsing the OCI IE with invalid length.

CVE-2023-28547

Memory corruption in SPS Application while requesting for public key in sorter TA.

CVE-2023-28575

The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.

CVE-2023-43521

Memory corruption when multiple listeners are being registered with the same file descriptor.

CVE-2025-21453

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

CVE-2024-33052

Memory corruption when user provides data for FM HCI command control operations.

CVE-2023-33066

Memory corruption in Audio while processing RT proxy port register driver.

CVE-2023-33090

Transient DOS while processing channel information for speaker protection v2 module in ADSP.

CVE-2023-28578

Memory corruption in Core Services while executing the command for removing a single event listener.

CVE-2023-43549

Memory corruption while processing TPC target power table in FTM TPC.

CVE-2024-53014

Memory corruption may occur while validating ports and channels in Audio driver.

CVE-2023-28567

Memory corruption in WLAN HAL while handling command through WMI interfaces.

CVE-2023-33099

Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.

CVE-2024-49835

Memory corruption while reading secure file.

CVE-2023-43548

Memory corruption while parsing qcp clip with invalid chunk data size.

CVE-2024-21471

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

CVE-2023-21637

Memory corruption in Linux while calling system configuration APIs.

CVE-2023-28576

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to ou...

CVE-2023-33086

Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.

CVE-2023-43551

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

CVE-2023-33095

Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.

CVE-2023-21624

Information disclosure in DSP Services while loading dynamic module.

CVE-2023-43539

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.

CVE-2023-33096

Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.

CVE-2023-33104

Transient DOS while processing PDU Release command with a parameter PDU ID out of range.