CVE-2026-24082

all versions

Memory Corruption when copying data from a freed source while executing performance counter deselect operation.

7.8HIGH

CVE-2025-47404

all versions

Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.

6.5MEDIUM

CVE-2025-47403

all versions

Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.

6.5MEDIUM

CVE-2025-47401

all versions

Transient DOS when processing target power rate tables during channel configuration.

6.5MEDIUM

CVE-2025-47391

all versions

Memory corruption while processing a frame request from user.

7.8HIGH

CVE-2025-47389

all versions

Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.

7.8HIGH

CVE-2026-21385

all versions

Memory corruption while using alignments for memory allocation.

7.8HIGH

CVE-2025-47386

all versions

Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.

7.8HIGH

CVE-2025-47385

all versions

Memory Corruption when accessing trusted execution environment without proper privilege check.

7.8HIGH

CVE-2025-47379

all versions

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocati

7.8HIGH

CVE-2025-47377

all versions

Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.

7.8HIGH

CVE-2025-47376

all versions

Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.

7.8HIGH

CVE-2025-47375

all versions

Memory corruption while handling different IOCTL calls from the user-space simultaneously.

7.8HIGH

CVE-2025-47373

all versions

Memory Corruption when accessing buffers with invalid length during TA invocation.

7.8HIGH

CVE-2025-47398

all versions

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.

7.8HIGH

CVE-2025-47397

all versions

Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.

7.8HIGH

CVE-2025-47366

all versions

Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.

7.1HIGH

CVE-2025-47364

all versions

Memory corruption while calculating offset from partition start point.

6.8MEDIUM

CVE-2025-47363

all versions

Memory corruption when calculating oversized partition sizes without proper checks.

6.8MEDIUM

CVE-2025-47382

all versions

Memory corruption while loading an invalid firmware in boot loader.

7.8HIGH

CVE-2025-47370

all versions

Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.

6.5MEDIUM

CVE-2025-47365

all versions

Memory corruption while processing large input data from a remote source via a communication interface.

7.8HIGH

CVE-2025-47362

all versions

Information disclosure while processing message from client with invalid payload.

6.1MEDIUM

CVE-2025-47361

all versions

Memory corruption when triggering a subsystem crash with an out-of-range identifier.

7.8HIGH

CVE-2025-47360

all versions

Memory corruption while processing client message during device management.

7.8HIGH

CVE-2025-27054

all versions

Memory corruption while processing a malformed license file during reboot.

7.8HIGH

CVE-2025-27053

all versions

Memory corruption during PlayReady APP usecase while processing TA commands.

7.8HIGH