CVE-2026-21378

all versions

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

7.8HIGH

CVE-2026-21376

all versions

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

7.8HIGH

CVE-2026-21375

all versions

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

7.8HIGH

CVE-2026-21374

all versions

Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.

7.8HIGH

CVE-2026-21373

all versions

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

7.8HIGH

CVE-2026-21371

all versions

Memory Corruption when retrieving output buffer with insufficient size validation.

7.8HIGH

CVE-2025-47390

all versions

Memory corruption while preprocessing IOCTL request in JPEG driver.

7.8HIGH

CVE-2025-47358

all versions

Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.

7.8HIGH

CVE-2024-43050

all versions

Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.

7.8HIGH

CVE-2024-43049

all versions

Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.

7.8HIGH

CVE-2024-33056

all versions

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

8.4HIGH

CVE-2024-33044

all versions

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

8.4HIGH

CVE-2024-38410

all versions

Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.

7.8HIGH

CVE-2024-38409

all versions

Memory corruption while station LL statistic handling.

7.8HIGH

CVE-2024-23357

all versions

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

6.2MEDIUM

CVE-2023-43536

all versions

Transient DOS while parse fils IE with length equal to 1.

7.5HIGH

CVE-2023-43535

all versions

Memory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event trigger.

8.4HIGH

CVE-2023-43533

all versions

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

7.5HIGH

CVE-2023-43532

all versions

Memory corruption while reading ACPI config through the user mode app.

8.4HIGH

CVE-2023-43522

all versions

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

7.5HIGH

CVE-2023-33076

all versions

Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.

5.9MEDIUM

CVE-2023-33072

all versions

Memory corruption in Core while processing control functions.

9.3CRITICAL

CVE-2023-33046

all versions

Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.

7.8HIGH

CVE-2023-43511

all versions

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the n

7.5HIGH

CVE-2023-33110

all versions

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP an

7.8HIGH

CVE-2023-33109

all versions

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

7.5HIGH

CVE-2023-33062

all versions

Transient DOS in WLAN Firmware while parsing a BTM request.

7.5HIGH

CVE-2023-33037

all versions

Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.

7.1HIGH

CVE-2023-33036

all versions

Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.

7.1HIGH

CVE-2023-33030

all versions

Memory corruption in HLOS while running playready use-case.

9.3CRITICAL

CVE-2023-28556

all versions

Cryptographic issue in HLOS during key management.

7.1HIGH

CVE-2023-28545

all versions

Memory corruption in TZ Secure OS while loading an app ELF.

8.2HIGH

CVE-2023-24852

all versions

Memory Corruption in Core due to secure memory access by user while loading modem image.

8.4HIGH

CVE-2023-28558

all versions

Memory corruption in WLAN handler while processing PhyID in Tx status handler.

7.8HIGH

CVE-2023-28557

all versions

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

7.8HIGH

CVE-2023-28549

all versions

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.

7.8HIGH

CVE-2023-28548

all versions

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.

7.8HIGH

CVE-2022-33273

all versions

Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.

7.3HIGH

CVE-2022-25713

all versions

Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a s

7.8HIGH