CVE-2022-33227

Memory corruption in Linux android due to double free while calling unregister provider after register call.

CVE-2022-33245

Memory corruption in WLAN due to use after free

CVE-2022-33273

Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.

CVE-2022-33278

Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.

CVE-2022-40535

Transient DOS due to buffer over-read in WLAN while sending a packet to device.

CVE-2023-24848

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.

CVE-2023-28574

Memory corruption in core services when Diag handler receives a command to configure event listeners.

CVE-2022-40504

Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.

CVE-2022-40507

Memory corruption due to double free in Core while mapping HLOS address to the list.

CVE-2023-21658

Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.

CVE-2022-34144

Transient DOS due to reachable assertion in Modem during OSI decode scheduling.

CVE-2023-21661

Transient DOS while parsing WLAN beacon or probe-response frame.

CVE-2023-21667

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.

CVE-2023-28538

Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.

CVE-2023-28585

Memory corruption while loading an ELF segment in TEE Kernel.

CVE-2023-33026

Transient DOS in WLAN Firmware while parsing a NAN management frame.

CVE-2022-25655

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.

CVE-2022-33264

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

CVE-2022-33285

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

CVE-2023-21651

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

CVE-2023-24853

Memory Corruption in HLOS while registering for key provisioning notify.

CVE-2023-28571

Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.

CVE-2022-22076

information disclosure due to cryptographic issue in Core during RPMB read request.

CVE-2022-25746

Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping.

CVE-2022-40516

Memory corruption in Core due to stack-based buffer overflow.

CVE-2022-40523

Information disclosure in Kernel due to indirect branch misprediction.

CVE-2022-40536

Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.

CVE-2023-21659

Transient DOS in WLAN Firmware while processing frames with missing header fields.

CVE-2023-22666

Memory Corruption in Audio while playing amrwbplus clips with modified content.

CVE-2023-24852

Memory Corruption in Core due to secure memory access by user while loading modem image.

CVE-2023-28540

Cryptographic issue in Data Modem due to improper authentication during TLS handshake.

CVE-2023-28567

Memory corruption in WLAN HAL while handling command through WMI interfaces.

CVE-2022-25694

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

CVE-2022-33307

Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.

CVE-2023-21662

Memory corruption in Core Platform while printing the response buffer in log.

CVE-2023-33018

Memory corruption while using the UIM diag command to get the operators name.

CVE-2022-33260

Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.

CVE-2022-33263

Memory corruption due to use after free in Core when multiple DCI clients register and deregister.

CVE-2023-21664

Memory Corruption in Core Platform while printing the response buffer in log.

CVE-2023-24850

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.

CVE-2023-28564

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

CVE-2023-33054

Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.

CVE-2023-21660

Transient DOS in WLAN Firmware while parsing FT Information Elements.

CVE-2023-28539

Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.

CVE-2023-28545

Memory corruption in TZ Secure OS while loading an app ELF.

CVE-2023-28576

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to ou...

CVE-2022-33266

Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content.

CVE-2023-22385

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

CVE-2023-28549

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.