16 matches found
CVE-2025-21467
Memory corruption while reading the FW response from the shared queue.
CVE-2025-21468
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.
CVE-2025-21459
Transient DOS while parsing per STA profile in ML IE.
CVE-2025-21453
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
CVE-2024-49835
Memory corruption while reading secure file.
CVE-2025-21475
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
CVE-2024-49845
Memory corruption during the FRS UDS generation process.
CVE-2024-49847
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.
CVE-2025-21470
Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.
CVE-2025-21469
Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.
CVE-2024-49844
Memory corruption while triggering commands in the PlayReady Trusted application.
CVE-2024-49846
Memory corruption while decoding of OTA messages from T3448 IE.
CVE-2025-21462
Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit.
CVE-2024-49842
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.
CVE-2024-49841
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
CVE-2024-45583
Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations.