CVE-2024-33056

all versions

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

8.4HIGH

CVE-2024-33053

all versions

Memory corruption when multiple threads try to unregister the CVP buffer at the same time.

6.7MEDIUM

CVE-2024-33044

all versions

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

8.4HIGH

CVE-2024-38423

all versions

Memory corruption while processing GPU page table switch.

7.8HIGH

CVE-2024-38422

all versions

Memory corruption while processing voice packet with arbitrary data received from ADSP.

7.8HIGH

CVE-2024-38415

all versions

Memory corruption while handling session errors from firmware.

7.8HIGH

CVE-2024-38408

all versions

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

8.2HIGH

CVE-2024-33032

all versions

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.

6.7MEDIUM

CVE-2024-33043

all versions

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

5.5MEDIUM

CVE-2024-33014

all versions

Transient DOS while parsing ESP IE from beacon/probe response frame.

7.5HIGH

CVE-2024-23357

all versions

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

6.2MEDIUM

CVE-2023-43536

all versions

Transient DOS while parse fils IE with length equal to 1.

7.5HIGH

CVE-2023-43533

all versions

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

7.5HIGH

CVE-2023-43522

all versions

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

7.5HIGH

CVE-2023-43519

all versions

Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.

7.3HIGH

CVE-2023-43518

all versions

Memory corruption in video while parsing invalid mp2 clip.

7.3HIGH

CVE-2023-43513

all versions

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitr

7.8HIGH

CVE-2023-33076

all versions

Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.

5.9MEDIUM

CVE-2023-33072

all versions

Memory corruption in Core while processing control functions.

9.3CRITICAL

CVE-2023-33057

all versions

Transient DOS in Multi-Mode Call Processor while processing UE policy container.

7.5HIGH

CVE-2023-33049

all versions

Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage.

7.5HIGH

CVE-2023-43511

all versions

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the n

7.5HIGH

CVE-2023-33120

all versions

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

7.8HIGH

CVE-2023-33118

all versions

Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get p

7.8HIGH

CVE-2023-33117

all versions

Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MOD

7.8HIGH

CVE-2023-33114

all versions

Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the

8.4HIGH

CVE-2023-33110

all versions

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP an

7.8HIGH

CVE-2023-33109

all versions

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

7.5HIGH

CVE-2023-33094

all versions

Memory corruption while running VK synchronization with KASAN enabled.

8.4HIGH

CVE-2023-33062

all versions

Transient DOS in WLAN Firmware while parsing a BTM request.

7.5HIGH

CVE-2023-33040

all versions

Transient DOS in Data Modem during DTLS handshake.

7.5HIGH

CVE-2023-33038

all versions

Memory corruption while receiving a message in Bus Socket Transport Server.

6.7MEDIUM

CVE-2023-33037

all versions

Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.

7.1HIGH

CVE-2023-33036

all versions

Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.

7.1HIGH

CVE-2023-33033

all versions

Memory corruption in Audio during playback with speaker protection.

8.4HIGH

CVE-2023-33030

all versions

Memory corruption in HLOS while running playready use-case.

9.3CRITICAL

CVE-2023-33107

all versions

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

8.4HIGH

CVE-2023-33106

all versions

Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

8.4HIGH

CVE-2023-33098

all versions

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

7.5HIGH

CVE-2023-33092

all versions

Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.

8.4HIGH

CVE-2023-33088

all versions

Memory corruption when processing cmd parameters while parsing vdev.

8.4HIGH

CVE-2023-28588

all versions

Transient DOS in Bluetooth Host while rfc slot allocation.

7.5HIGH

CVE-2023-28587

all versions

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.

7.8HIGH

CVE-2023-28586

all versions

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

6.0MEDIUM

CVE-2023-28585

all versions

Memory corruption while loading an ELF segment in TEE Kernel.

8.2HIGH

CVE-2023-28551

all versions

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

7.8HIGH

CVE-2023-28550

all versions

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

7.8HIGH

CVE-2023-28546

all versions

Memory Corruption in SPS Application while exporting public key in sorter TA.

7.8HIGH

CVE-2023-28569

all versions

Information disclosure in WLAN HAL while handling command through WMI interfaces.

6.1MEDIUM

CVE-2023-28568

all versions

Information disclosure in WLAN HAL when reception status handler is called.

6.1MEDIUM

CVE-2023-28566

all versions

Information disclosure in WLAN HAL while handling the WMI state info command.

6.1MEDIUM

CVE-2023-28563

all versions

Information disclosure in IOE Firmware while handling WMI command.

6.1MEDIUM

CVE-2023-28556

all versions

Cryptographic issue in HLOS during key management.

7.1HIGH

CVE-2023-28545

all versions

Memory corruption in TZ Secure OS while loading an app ELF.

8.2HIGH

CVE-2023-24852

all versions

Memory Corruption in Core due to secure memory access by user while loading modem image.

8.4HIGH

CVE-2023-22388

all versions

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

9.8CRITICAL

CVE-2023-28559

all versions

Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.

7.8HIGH

CVE-2023-28558

all versions

Memory corruption in WLAN handler while processing PhyID in Tx status handler.

7.8HIGH

CVE-2023-28557

all versions

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

7.8HIGH

CVE-2023-28549

all versions

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.

7.8HIGH

CVE-2023-28544

all versions

Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.

7.8HIGH