CVE-2025-21458

Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.

CVE-2025-21477

Transient DOS while processing CCCH data when NW sends data with invalid length.

CVE-2025-21461

Memory corruption when programming registers through virtual CDM.

CVE-2025-21473

Memory corruption when using Virtual cdm (Camera Data Mover) to write registers.

CVE-2025-21474

Memory corruption while processing commands from A2dp sink command queue.

CVE-2025-21481

Memory corruption while performing private key encryption in trusted application.

CVE-2025-27030

information disclosure while invoking calibration data from user space to update firmware size.

CVE-2025-27036

Information disclosure when Video engine escape input data is less than expected minimum size.

CVE-2025-47329

Memory corruption while handling invalid inputs in application info setup.

CVE-2025-27037

Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers.

CVE-2025-47316

Memory corruption due to double free when multiple threads race to set the timestamp store.

CVE-2025-47317

Memory corruption due to global buffer overflow when a test command uses an invalid payload type.

CVE-2025-47326

Transient DOS while handling command data during power control processing.

CVE-2025-47327

Memory corruption while encoding the image data.

CVE-2025-47328

Transient DOS while processing power control requests with invalid antenna or stream values.