47 matches found
CVE-2024-43047
Memory corruption while maintaining memory maps of HLOS memory.
CVE-2024-21468
Memory corruption when there is failed unmap operation in GPU.
CVE-2024-38402
Memory corruption while processing IOCTL call for getting group info.
CVE-2023-33111
Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command.
CVE-2023-43550
Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.
CVE-2023-43546
Memory corruption while invoking HGSL IOCTL context create.
CVE-2023-43547
Memory corruption while invoking IOCTLs calls in Automotive Multimedia.
CVE-2023-33115
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
CVE-2024-21475
Memory corruption when the payload received from firmware is not as per the expected protocol size.
CVE-2024-23351
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.
CVE-2024-33060
Memory corruption when two threads try to map and unmap a single node simultaneously.
CVE-2024-33042
Memory corruption when Alternative Frequency offset value is set to 255.
CVE-2023-33023
Memory corruption while processing finish_sign command to pass a rsp buffer.
CVE-2024-33052
Memory corruption when user provides data for FM HCI command control operations.
CVE-2024-33048
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
CVE-2023-33101
Transient DOS while processing DL NAS TRANSPORT message with payload length 0.
CVE-2024-33050
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
CVE-2023-28547
Memory corruption in SPS Application while requesting for public key in sorter TA.
CVE-2023-43521
Memory corruption when multiple listeners are being registered with the same file descriptor.
CVE-2024-33045
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
CVE-2024-33057
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
CVE-2023-33066
Memory corruption in Audio while processing RT proxy port register driver.
CVE-2024-21471
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.
CVE-2023-28578
Memory corruption in Core Services while executing the command for removing a single event listener.
CVE-2024-33038
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
CVE-2024-33054
Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.
CVE-2023-33099
Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.
CVE-2023-43548
Memory corruption while parsing qcp clip with invalid chunk data size.
CVE-2023-33086
Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.
CVE-2023-43551
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.
CVE-2024-21453
Transient DOS while decoding message of size that exceeds the available system memory.
CVE-2023-33095
Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.
CVE-2023-33096
Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.
CVE-2023-33104
Transient DOS while processing PDU Release command with a parameter PDU ID out of range.
CVE-2023-43556
Memory corruption in Hypervisor when platform information mentioned is not aligned.
CVE-2024-21480
Memory corruption while playing audio file having large-sized input buffer.
CVE-2023-33119
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
CVE-2023-43528
Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.
CVE-2024-33051
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
CVE-2023-43527
Information disclosure while parsing dts header atom in Video.
CVE-2023-43542
Memory corruption while copying a keyblobs material when the key materials size is not accurately checked.
CVE-2024-38401
Memory corruption while processing concurrent IOCTL calls.
CVE-2023-43531
Memory corruption while verifying the serialized header when the key pairs are generated.
CVE-2024-33047
Memory corruption when the captureRead QDCM command is invoked from user-space.
CVE-2023-43530
Memory corruption in HLOS while checking for the storage type.
CVE-2023-43529
Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.
CVE-2023-43555
Information disclosure in Video while parsing mp2 clip with invalid section length.