75 matches found
CVE-2024-38402
Memory corruption while processing IOCTL call for getting group info.
CVE-2025-21467
Memory corruption while reading the FW response from the shared queue.
CVE-2024-33063
Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.
CVE-2024-45558
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
CVE-2025-21468
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.
CVE-2023-33115
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
CVE-2024-45580
Memory corruption while handling multuple IOCTL calls from userspace for remote invocation.
CVE-2025-21459
Transient DOS while parsing per STA profile in ML IE.
CVE-2024-21475
Memory corruption when the payload received from firmware is not as per the expected protocol size.
CVE-2024-23368
Memory corruption when allocating and accessing an entry in an SMEM partition.
CVE-2024-49833
Memory corruption can occur in the camera when an invalid CID is used.
CVE-2024-53027
Transient DOS may occur while processing the country IE.
CVE-2024-38415
Memory corruption while handling session errors from firmware.
CVE-2024-45571
Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
CVE-2024-49834
Memory corruption while power-up or power-down sequence of the camera sensor.
CVE-2024-33042
Memory corruption when Alternative Frequency offset value is set to 255.
CVE-2025-21453
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
CVE-2024-33052
Memory corruption when user provides data for FM HCI command control operations.
CVE-2024-53024
Memory corruption in display driver while detaching a device.
CVE-2024-33048
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
CVE-2024-49836
Memory corruption may occur during the synchronization of the camera`s frame processing pipeline.
CVE-2024-33050
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
CVE-2024-45553
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.
CVE-2024-53014
Memory corruption may occur while validating ports and channels in Audio driver.
CVE-2024-33057
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
CVE-2024-21465
Memory corruption while processing key blob passed by the user.
CVE-2024-38405
Transient DOS while processing the CU information from RNR IE.
CVE-2024-21469
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
CVE-2024-38397
Transient DOS while parsing probe response and assoc response frame.
CVE-2024-45576
Memory corruption while prociesing command buffer buffer in OPE module.
CVE-2024-45578
Memory corruption while acquire and update IOCTLs during IFE output resource ID validation.
CVE-2024-43059
Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.
CVE-2024-45554
Memory corruption during concurrent SSR execution due to race condition on the global maps list.
CVE-2024-33051
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
CVE-2024-45570
Memory corruption may occur during IO configuration processing when the IO port count is invalid.
CVE-2024-33013
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
CVE-2024-33055
Memory corruption while invoking IOCTL calls to unmap the DMA buffers.
CVE-2024-43060
Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP.
CVE-2024-43062
Memory corruption caused by missing locks and checks on the DMA fence and improper synchronization.
CVE-2024-53011
Information disclosure may occur due to improper permission and access controls to Video Analytics engine.
CVE-2024-45575
Memory corruption Camera kernel when large number of devices are attached through userspace.
CVE-2024-53023
Memory corruption may occur while accessing a variable during extended back to back tests.
CVE-2024-21462
Transient DOS while loading the TA ELF file.
CVE-2024-33026
Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.
CVE-2024-38418
Memory corruption while parsing the memory map info in IOCTL calls.
CVE-2024-21477
Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.
CVE-2024-43061
Memory corruption during voice activation, when sound model parameters are loaded from HLOS, and the received sound model list is empty in HLOS drive.
CVE-2024-45563
Memory corruption while handling schedule request in Camera Request Manager(CRM) due to invalid link count in the corresponding session.
CVE-2024-45567
Memory corruption while encoding JPEG format.
CVE-2024-33012
Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.