CVE-2022-40503

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

CVE-2022-33269

Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.

CVE-2022-33298

Memory corruption due to use after free in Modem while modem initialization.

CVE-2022-33291

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.

CVE-2022-33231

Memory corruption due to double free in core while initializing the encryption key.

CVE-2022-40532

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

CVE-2022-33302

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

CVE-2022-33288

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.

CVE-2022-33296

Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message.

CVE-2023-21630

Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal.

CVE-2022-33289

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

CVE-2022-25730

Information disclosure in modem due to improper check of IP type while processing DNS server query

CVE-2022-33270

Transient DOS due to time-of-check time-of-use race condition in Modem while processing RRC Reconfiguration message.

CVE-2022-25739

Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call

CVE-2022-25726

Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet

CVE-2022-33287

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.