59 matches found
CVE-2024-38402
Memory corruption while processing IOCTL call for getting group info.
CVE-2024-21464
Memory corruption while processing IPA statistics, when there are no active clients registered.
CVE-2024-23373
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
CVE-2025-21468
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.
CVE-2024-23354
Memory corruption when the IOCTL call is interrupted by a signal.
CVE-2024-23372
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.
CVE-2024-21475
Memory corruption when the payload received from firmware is not as per the expected protocol size.
CVE-2024-23351
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.
CVE-2024-23368
Memory corruption when allocating and accessing an entry in an SMEM partition.
CVE-2024-23380
Memory corruption while handling user packets during VBO bind operation.
CVE-2023-33023
Memory corruption while processing finish_sign command to pass a rsp buffer.
CVE-2024-33060
Memory corruption when two threads try to map and unmap a single node simultaneously.
CVE-2024-49833
Memory corruption can occur in the camera when an invalid CID is used.
CVE-2024-53027
Transient DOS may occur while processing the country IE.
CVE-2024-21463
Memory corruption while processing Codec2 during v13k decoder pitch synthesis.
CVE-2024-38415
Memory corruption while handling session errors from firmware.
CVE-2024-49834
Memory corruption while power-up or power-down sequence of the camera sensor.
CVE-2024-33042
Memory corruption when Alternative Frequency offset value is set to 255.
CVE-2024-49838
Information disclosure while parsing the OCI IE with invalid length.
CVE-2023-28547
Memory corruption in SPS Application while requesting for public key in sorter TA.
CVE-2025-21453
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
CVE-2024-33052
Memory corruption when user provides data for FM HCI command control operations.
CVE-2024-53024
Memory corruption in display driver while detaching a device.
CVE-2024-33050
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
CVE-2024-45553
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.
CVE-2024-53014
Memory corruption may occur while validating ports and channels in Audio driver.
CVE-2024-33045
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
CVE-2024-21471
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.
CVE-2024-33043
Transient DOS while handling PS event when Program Service name length offset value is set to 255.
CVE-2024-33038
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
CVE-2024-21465
Memory corruption while processing key blob passed by the user.
CVE-2024-21469
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
CVE-2024-23384
Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.
CVE-2024-21480
Memory corruption while playing audio file having large-sized input buffer.
CVE-2024-33056
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
CVE-2024-21461
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
CVE-2023-43531
Memory corruption while verifying the serialized header when the key pairs are generated.
CVE-2024-21462
Transient DOS while loading the TA ELF file.
CVE-2024-33034
Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.
CVE-2024-23382
Memory corruption while processing graphics kernel driver request to create DMA fence.
CVE-2024-33012
Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
CVE-2024-43051
Information disclosure while deriving keys for a session for any Widevine use case.
CVE-2024-33015
Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.
CVE-2024-33023
Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
CVE-2024-33014
Transient DOS while parsing ESP IE from beacon/probe response frame.
CVE-2024-33010
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
CVE-2024-38424
Memory corruption during GNSS HAL process initialization.
CVE-2024-33011
Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
CVE-2024-43056
Transient DOS during hypervisor virtual I/O operation in a virtual machine.
CVE-2024-33032
Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.