CVE-2023-33089

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

CVE-2024-33012

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.

CVE-2024-33015

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.

CVE-2024-33041

Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,

CVE-2022-25653

Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVE-2022-25696

Memory corruption in display due to time-of-check time-of-use race condition during map or unmap in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

CVE-2024-33020

Transient DOS while processing TID-to-link mapping IE elements.

CVE-2024-45576

Memory corruption while prociesing command buffer buffer in OPE module.

CVE-2024-45578

Memory corruption while acquire and update IOCTLs during IFE output resource ID validation.

CVE-2024-49846

Memory corruption while decoding of OTA messages from T3448 IE.

CVE-2023-33016

Transient DOS in WLAN firmware while parsing MLO (multi-link operation).

CVE-2023-33038

Memory corruption while receiving a message in Bus Socket Transport Server.

CVE-2023-33119

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.

CVE-2024-33010

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

CVE-2024-33014

Transient DOS while parsing ESP IE from beacon/probe response frame.

CVE-2024-33024

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.

CVE-2024-33051

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

CVE-2024-43059

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.

CVE-2024-49842

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.

CVE-2022-22066

Memory corruption occurs while processing command received from HLOS due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CVE-2024-33011

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.

CVE-2024-33018

Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.

CVE-2024-33019

Transient DOS while parsing the received TID-to-link mapping action frame.

CVE-2024-33025

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

CVE-2024-33055

Memory corruption while invoking IOCTL calls to unmap the DMA buffers.

CVE-2024-33056

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

CVE-2024-38426

While processing the authentication message in UE, improper authentication may lead to information disclosure.

CVE-2024-45554

Memory corruption during concurrent SSR execution due to race condition on the global maps list.

CVE-2024-45570

Memory corruption may occur during IO configuration processing when the IO port count is invalid.

CVE-2024-49841

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.

CVE-2024-53011

Information disclosure may occur due to improper permission and access controls to Video Analytics engine.

CVE-2023-43542

Memory corruption while copying a keyblobs material when the key materials size is not accurately checked.

CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

CVE-2024-23369

Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.

CVE-2024-33073

Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

CVE-2024-53023

Memory corruption may occur while accessing a variable during extended back to back tests.

CVE-2023-43531

Memory corruption while verifying the serialized header when the key pairs are generated.

CVE-2024-43060

Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP.

CVE-2024-43062

Memory corruption caused by missing locks and checks on the DMA fence and improper synchronization.

CVE-2024-45575

Memory corruption Camera kernel when large number of devices are attached through userspace.

CVE-2024-53025

Transient DOS can occur while processing UCI command.

CVE-2023-43530

Memory corruption in HLOS while checking for the storage type.

CVE-2023-43538

Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.

CVE-2024-21462

Transient DOS while loading the TA ELF file.

CVE-2024-38404

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.

CVE-2024-38418

Memory corruption while parsing the memory map info in IOCTL calls.

CVE-2024-38420

Memory corruption while configuring a Hypervisor based input virtual device.

CVE-2024-45584

Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.

CVE-2024-21477

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.