CVE-2023-33063

Memory corruption in DSP Services during a remote call from HLOS to DSP.

CVE-2023-43513

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.

CVE-2023-28588

Transient DOS in Bluetooth Host while rfc slot allocation.

CVE-2023-33120

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

CVE-2024-33063

Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.

CVE-2023-33110

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

CVE-2024-23368

Memory corruption when allocating and accessing an entry in an SMEM partition.

CVE-2023-33065

Information disclosure in Audio while accessing AVCS services from ADSP payload.

CVE-2024-43048

Memory corruption when invalid input is passed to invoke GPU Headroom API call.

CVE-2023-33068

Memory corruption in Audio while processing IIR config data from AFE calibration block.

CVE-2024-38422

Memory corruption while processing voice packet with arbitrary data received from ADSP.

CVE-2024-43052

Memory corruption while processing API calls to NPU with invalid input.

CVE-2023-33067

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

CVE-2023-33069

Memory corruption in Audio while processing the calibration data returned from ACDB loader.

CVE-2024-38423

Memory corruption while processing GPU page table switch.

CVE-2023-28570

Memory corruption while processing audio effects.

CVE-2023-33018

Memory corruption while using the UIM diag command to get the operators name.

CVE-2023-24850

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

CVE-2023-33070

Transient DOS in Automotive OS due to improper authentication to the secure IO calls.

CVE-2024-43049

Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.

CVE-2024-43053

Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information.

CVE-2023-28546

Memory Corruption in SPS Application while exporting public key in sorter TA.

CVE-2023-28551

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

CVE-2024-38406

Memory corruption while handling IOCTL calls in JPEG Encoder driver.

CVE-2024-38410

Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.

CVE-2024-43050

Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.

CVE-2024-23385

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.

CVE-2024-38407

Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.

CVE-2024-38424

Memory corruption during GNSS HAL process initialization.

CVE-2024-33068

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

CVE-2024-38403

Transient DOS while parsing BTM ML IE when per STA profile is not included.

CVE-2024-38409

Memory corruption while station LL statistic handling.

CVE-2024-43067

Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory.

CVE-2024-23353

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.