CVE-2026-21381

all versions

Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness netwo

7.6HIGH

CVE-2026-21380

all versions

Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.

7.8HIGH

CVE-2026-21378

all versions

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

7.8HIGH

CVE-2026-21376

all versions

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

7.8HIGH

CVE-2026-21375

all versions

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

7.8HIGH

CVE-2026-21374

all versions

Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.

7.8HIGH

CVE-2026-21373

all versions

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

7.8HIGH

CVE-2025-47391

all versions

Memory corruption while processing a frame request from user.

7.8HIGH

CVE-2025-47389

all versions

Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.

7.8HIGH

CVE-2025-47374

all versions

Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling.

6.5MEDIUM

CVE-2026-21385

all versions

Memory corruption while using alignments for memory allocation.

7.8HIGH

CVE-2025-59600

all versions

Memory Corruption when adding user-supplied data without checking available buffer space.

7.8HIGH

CVE-2025-47385

all versions

Memory Corruption when accessing trusted execution environment without proper privilege check.

7.8HIGH

CVE-2025-47378

all versions

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.

7.1HIGH

CVE-2025-47373

all versions

Memory Corruption when accessing buffers with invalid length during TA invocation.

7.8HIGH

CVE-2025-47396

all versions

Memory corruption occurs when a secure application is launched on a device with insufficient memory.

7.8HIGH

CVE-2025-47369

all versions

Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.

5.5MEDIUM

CVE-2025-47348

all versions

Memory corruption while processing identity credential operations in the trusted application.

7.8HIGH

CVE-2025-47346

all versions

Memory corruption while processing a secure logging command in the trusted application.

7.8HIGH

CVE-2025-47344

all versions

Memory corruption while handling sensor utility operations.

6.7MEDIUM

CVE-2025-47339

all versions

Memory corruption while deinitializing a HDCP session.

7.8HIGH

CVE-2025-47337

all versions

Memory corruption while accessing a synchronization object during concurrent operations.

6.7MEDIUM

CVE-2025-47334

all versions

Memory corruption while processing shared command buffer packet between camera userspace and kernel.

6.7MEDIUM

CVE-2025-47333

all versions

Memory corruption while handling buffer mapping operations in the cryptographic driver.

6.6MEDIUM

CVE-2025-47332

all versions

Memory corruption while processing a config call from userspace.

6.7MEDIUM

CVE-2025-47331

all versions

Information disclosure while processing a firmware event.

6.1MEDIUM

CVE-2025-47330

all versions

Transient DOS while parsing video packets received from the video firmware.

5.5MEDIUM

CVE-2025-47382

all versions

Memory corruption while loading an invalid firmware in boot loader.

7.8HIGH

CVE-2025-47323

all versions

Memory corruption while routing GPR packets between user and root when handling large data packet.

7.8HIGH

CVE-2025-47321

all versions

Memory corruption while copying packets received from unix clients.

7.8HIGH

CVE-2025-47319

all versions

Information disclosure while exposing internal TA-to-TA communication APIs to HLOS

6.7MEDIUM

CVE-2025-27063

all versions

Memory corruption during video playback when video session open fails with time out error.

7.8HIGH

CVE-2025-47370

all versions

Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.

6.5MEDIUM

CVE-2025-27070

all versions

Memory corruption while performing encryption and decryption commands.

7.8HIGH

CVE-2025-27054

all versions

Memory corruption while processing a malformed license file during reboot.

7.8HIGH

CVE-2025-27053

all versions

Memory corruption during PlayReady APP usecase while processing TA commands.

7.8HIGH

CVE-2025-47329

all versions

Memory corruption while handling invalid inputs in application info setup.

7.8HIGH

CVE-2025-47318

all versions

Transient DOS while parsing the EPTM test control message to get the test pattern.

7.5HIGH

CVE-2025-27032

all versions

memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.

7.8HIGH

CVE-2025-21482

all versions

Cryptographic issue while performing RSA PKCS padding decoding.

7.1HIGH

CVE-2025-27073

all versions

Transient DOS while creating NDP instance.

7.5HIGH

CVE-2025-27066

all versions

Transient DOS while processing an ANQP message.

7.5HIGH

CVE-2025-27065

all versions

Transient DOS while processing a frame with malformed shared-key descriptor.

7.5HIGH

CVE-2025-21465

all versions

Information disclosure while processing the hash segment in an MBN file.

6.5MEDIUM

CVE-2025-21464

all versions

Information disclosure while reading data from an image using specified offset and size parameters.

6.5MEDIUM

CVE-2025-21426

all versions

Memory corruption while processing camera TPG write request.

6.6MEDIUM

CVE-2025-21463

all versions

Transient DOS while processing the EHT operation IE in the received beacon frame.

7.5HIGH

CVE-2024-53015

all versions

Memory corruption while processing IOCTL command to handle buffers associated with a session.

6.6MEDIUM

CVE-2024-53010

all versions

Memory corruption may occur while attaching VM when the HLOS retains access to VM.

7.8HIGH

CVE-2025-21448

all versions

Transient DOS may occur while parsing SSID in action frames.

7.5HIGH

CVE-2025-21434

all versions

Transient DOS may occur while parsing EHT operation IE or EHT capability IE.

7.5HIGH

CVE-2025-21430

all versions

Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.

7.5HIGH

CVE-2024-49848

all versions

Memory corruption while processing multiple IOCTL calls from HLOS to DSP.

6.7MEDIUM

CVE-2024-45556

all versions

Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.

6.5MEDIUM

CVE-2024-45551

all versions

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification fai

6.2MEDIUM

CVE-2024-45549

all versions

Information disclosure while creating MQ channels.

7.7HIGH

CVE-2024-43065

all versions

Cryptographic issues while generating an asymmetric key pair for RKP use cases.

7.1HIGH

CVE-2024-43046

all versions

There may be information disclosure during memory re-allocation in TZ Secure OS.

5.5MEDIUM

CVE-2024-33058

all versions

Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP.

7.5HIGH

CVE-2024-53011

all versions

Information disclosure may occur due to improper permission and access controls to Video Analytics engine.

7.9HIGH