140 matches found
CVE-2023-33063
Memory corruption in DSP Services during a remote call from HLOS to DSP.
CVE-2023-21670
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
CVE-2023-21656
Memory corruption in WLAN HOST while receiving an WMI event from firmware.
CVE-2023-43513
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.
CVE-2023-28588
Transient DOS in Bluetooth Host while rfc slot allocation.
CVE-2024-33063
Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.
CVE-2024-38402
Memory corruption while processing IOCTL call for getting group info.
CVE-2023-22387
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.
CVE-2023-24851
Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
CVE-2023-43550
Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.
CVE-2023-33110
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.
CVE-2025-21468
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.
CVE-2023-33087
Memory corruption in Core while processing RX intent request.
CVE-2025-21459
Transient DOS while parsing per STA profile in ML IE.
CVE-2023-28584
Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA).
CVE-2024-45580
Memory corruption while handling multuple IOCTL calls from userspace for remote invocation.
CVE-2023-22386
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
CVE-2023-24854
Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.
CVE-2024-21475
Memory corruption when the payload received from firmware is not as per the expected protocol size.
CVE-2024-23368
Memory corruption when allocating and accessing an entry in an SMEM partition.
CVE-2024-49833
Memory corruption can occur in the camera when an invalid CID is used.
CVE-2024-38415
Memory corruption while handling session errors from firmware.
CVE-2024-49834
Memory corruption while power-up or power-down sequence of the camera sensor.
CVE-2024-33048
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
CVE-2024-53024
Memory corruption in display driver while detaching a device.
CVE-2024-53014
Memory corruption may occur while validating ports and channels in Audio driver.
CVE-2024-33050
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
CVE-2024-45553
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.
CVE-2024-33057
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
CVE-2024-33038
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
CVE-2022-40529
Memory corruption due to improper access control in kernel while processing a mapping request from root process.
CVE-2022-40512
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
CVE-2023-28555
Transient DOS in Audio while remapping channel buffer in media codec decoding.
CVE-2024-38405
Transient DOS while processing the CU information from RNR IE.
CVE-2023-33115
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
CVE-2022-40513
Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non qos state.
CVE-2023-21652
Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.
CVE-2022-34146
Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation.
CVE-2023-28556
Cryptographic issue in HLOS during key management.
CVE-2022-33306
Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs.
CVE-2023-43533
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.
CVE-2024-33013
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
CVE-2022-33242
Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
CVE-2022-33309
Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.
CVE-2023-33027
Transient DOS in WLAN Firmware while parsing rsn ies.
CVE-2023-33036
Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.
CVE-2023-33037
Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.
CVE-2023-43536
Transient DOS while parse fils IE with length equal to 1.
CVE-2024-33026
Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.
CVE-2022-40502
Transient DOS due to improper input validation in WLAN Host.