CVE-2025-21455

Memory corruption while submitting blob data to kernel space though IOCTL.

CVE-2025-21456

Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.

CVE-2025-21452

Transient DOS while processing a random-access response (RAR) with an invalid PDU length on LTE network.

CVE-2025-21472

Information disclosure while capturing logs as eSE debug messages are logged.

CVE-2025-27071

Memory corruption while processing specific files in Powerline Communication Firmware.

CVE-2025-21458

Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.

CVE-2025-21477

Transient DOS while processing CCCH data when NW sends data with invalid length.

CVE-2025-27068

Memory corruption while processing an IOCTL command with an arbitrary address.

CVE-2025-27069

Memory corruption while processing DDI command calls.

CVE-2025-27073

Transient DOS while creating NDP instance.

CVE-2025-27075

Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host.

CVE-2025-27076

Memory corruption while processing simultaneous requests via escape path.

CVE-2025-21461

Memory corruption when programming registers through virtual CDM.

CVE-2025-21473

Memory corruption when using Virtual cdm (Camera Data Mover) to write registers.

CVE-2025-21474

Memory corruption while processing commands from A2dp sink command queue.

CVE-2025-27065

Transient DOS while processing a frame with malformed shared-key descriptor.

CVE-2025-27067

Memory corruption while processing DDI call with invalid buffer.