CVE-2023-28545

Memory corruption in TZ Secure OS while loading an app ELF.

CVE-2023-33048

Transient DOS in WLAN Firmware while parsing t2lm buffers.

CVE-2023-43523

Transient DOS while processing 11AZ RTT management action frame received through OTA.

CVE-2022-25729

Memory corruption in modem due to improper length check while copying into memory

CVE-2023-21664

Memory Corruption in Core Platform while printing the response buffer in log.

CVE-2023-33046

Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.

CVE-2023-33062

Transient DOS in WLAN Firmware while parsing a BTM request.

CVE-2022-25730

Information disclosure in modem due to improper check of IP type while processing DNS server query

CVE-2022-33304

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

CVE-2022-40527

Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.

CVE-2023-21660

Transient DOS in WLAN Firmware while parsing FT Information Elements.

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

CVE-2023-28558

Memory corruption in WLAN handler while processing PhyID in Tx status handler.

CVE-2023-33041

Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.

CVE-2023-33061

Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame.

CVE-2023-28549

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CVE-2023-33097

Transient DOS in WLAN Firmware while processing a FTMR frame.

CVE-2023-33047

Transient DOS in WLAN Firmware while parsing no-inherit IES.

CVE-2023-33098

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

CVE-2023-43522

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

CVE-2023-43556

Memory corruption in Hypervisor when platform information mentioned is not aligned.

CVE-2022-25739

Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call

CVE-2023-28557

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

CVE-2023-28587

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.

CVE-2023-33088

Memory corruption when processing cmd parameters while parsing vdev.

CVE-2023-43539

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.

CVE-2024-21465

Memory corruption while processing key blob passed by the user.

CVE-2022-40533

Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.

CVE-2023-33017

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

CVE-2023-28573

Memory corruption in WLAN HAL while parsing WMI command parameters.

CVE-2023-33015

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

CVE-2022-25726

Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

CVE-2023-28546

Memory Corruption in SPS Application while exporting public key in sorter TA.

CVE-2023-28548

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.

CVE-2023-33089

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

CVE-2023-33112

Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.

CVE-2024-38397

Transient DOS while parsing probe response and assoc response frame.

CVE-2023-43537

Information disclosure while handling T2LM Action Frame in WLAN Host.

CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

CVE-2024-21480

Memory corruption while playing audio file having large-sized input buffer.

CVE-2024-53018

Memory corruption may occur while processing the OIS packet parser.

CVE-2022-33287

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.

CVE-2023-33022

Memory corruption in HLOS while invoking IOCTL calls from user-space.

CVE-2024-45578

Memory corruption while acquire and update IOCTLs during IFE output resource ID validation.

CVE-2023-33016

Transient DOS in WLAN firmware while parsing MLO (multi-link operation).

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

CVE-2024-33056

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

CVE-2024-45576

Memory corruption while prociesing command buffer buffer in OPE module.