CVE-2025-47403

all versions

Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.

6.5MEDIUM

CVE-2025-47401

all versions

Transient DOS when processing target power rate tables during channel configuration.

6.5MEDIUM

CVE-2025-27057

all versions

Transient DOS while handling beacon frames with invalid IE header length.

7.5HIGH

CVE-2025-27042

all versions

Memory corruption while processing video packets received from video firmware.

7.8HIGH

CVE-2025-21454

all versions

Transient DOS while processing received beacon frame.

7.5HIGH

CVE-2025-21450

all versions

Cryptographic issue occurs due to use of insecure connection method while downloading.

9.1CRITICAL

CVE-2025-21449

all versions

Transient DOS may occur while processing malformed length field in SSID IEs.

7.5HIGH

CVE-2025-21446

all versions

Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.

7.5HIGH

CVE-2025-21433

all versions

Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.

6.2MEDIUM

CVE-2025-21432

all versions

Memory corruption while retrieving the CBOR data from TA.

7.8HIGH

CVE-2025-21422

all versions

Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.

7.1HIGH

CVE-2024-53009

all versions

Memory corruption while operating the mailbox in Automotive.

5.3MEDIUM

CVE-2025-21468

all versions

Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null

7.8HIGH

CVE-2025-21453

all versions

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures oc

7.8HIGH

CVE-2024-49845

all versions

Memory corruption during the FRS UDS generation process.

7.8HIGH

CVE-2024-49844

all versions

Memory corruption while triggering commands in the PlayReady Trusted application.

7.8HIGH

CVE-2024-49842

all versions

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.

7.8HIGH

CVE-2024-49835

all versions

Memory corruption while reading secure file.

7.8HIGH

CVE-2024-49839

all versions

Memory corruption during management frame processing due to mismatch in T2LM info element.

8.2HIGH

CVE-2024-49838

all versions

Information disclosure while parsing the OCI IE with invalid length.

8.2HIGH

CVE-2024-45571

all versions

Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.

7.8HIGH

CVE-2024-45569

all versions

Memory corruption while parsing the ML IE due to invalid frame content.

9.8CRITICAL

CVE-2024-38420

all versions

Memory corruption while configuring a Hypervisor based input virtual device.

8.8HIGH

CVE-2024-45558

all versions

Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the

7.5HIGH

CVE-2024-38402

all versions

Memory corruption while processing IOCTL call for getting group info.

7.8HIGH

CVE-2024-23363

all versions

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.

7.5HIGH

CVE-2023-43556

all versions

Memory corruption in Hypervisor when platform information mentioned is not aligned.

9.3CRITICAL

CVE-2023-43551

all versions

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immedia

9.1CRITICAL

CVE-2023-43542

all versions

Memory corruption while copying a keyblobs material when the key materials size is not accurately checked.

7.8HIGH

CVE-2023-43538

all versions

Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.

9.3CRITICAL

CVE-2023-43537

all versions

Information disclosure while handling T2LM Action Frame in WLAN Host.

6.5MEDIUM

CVE-2024-21480

all versions

Memory corruption while playing audio file having large-sized input buffer.

7.3HIGH

CVE-2024-21477

all versions

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

7.5HIGH

CVE-2024-21475

all versions

Memory corruption when the payload received from firmware is not as per the expected protocol size.

7.8HIGH

CVE-2024-21474

all versions

Memory corruption when size of buffer from previous call is used without validation or re-initialization.

8.4HIGH

CVE-2024-21471

all versions

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

8.4HIGH

CVE-2023-43531

all versions

Memory corruption while verifying the serialized header when the key pairs are generated.

8.4HIGH

CVE-2023-43530

all versions

Memory corruption in HLOS while checking for the storage type.

5.9MEDIUM

CVE-2023-43529

all versions

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

7.5HIGH

CVE-2023-33119

all versions

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.

8.4HIGH

CVE-2024-21473

all versions

Memory corruption while redirecting log file to any file location with any file name.

9.8CRITICAL

CVE-2024-21468

all versions

Memory corruption when there is failed unmap operation in GPU.

8.4HIGH

CVE-2024-21463

all versions

Memory corruption while processing Codec2 during v13k decoder pitch synthesis.

7.3HIGH

CVE-2023-33115

all versions

Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.

7.8HIGH

CVE-2023-33101

all versions

Transient DOS while processing DL NAS TRANSPORT message with payload length 0.

7.5HIGH

CVE-2023-33100

all versions

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.

7.5HIGH

CVE-2023-33099

all versions

Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.

7.5HIGH

CVE-2023-33023

all versions

Memory corruption while processing finish_sign command to pass a rsp buffer.

8.4HIGH

CVE-2023-28547

all versions

Memory corruption in SPS Application while requesting for public key in sorter TA.

8.4HIGH

CVE-2023-43553

all versions

Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.

9.8CRITICAL

CVE-2023-43552

all versions

Memory corruption while processing MBSSID beacon containing several subelement IE.

9.8CRITICAL

CVE-2023-43549

all versions

Memory corruption while processing TPC target power table in FTM TPC.

8.4HIGH

CVE-2023-43539

all versions

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.

7.5HIGH

CVE-2023-33105

all versions

Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction seque

7.5HIGH

CVE-2023-33104

all versions

Transient DOS while processing PDU Release command with a parameter PDU ID out of range.

7.5HIGH

CVE-2023-33103

all versions

Transient DOS while processing CAG info IE received from NW.

7.5HIGH

CVE-2023-33096

all versions

Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.

7.5HIGH

CVE-2023-33095

all versions

Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in

7.5HIGH

CVE-2023-33086

all versions

Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.

7.5HIGH

CVE-2023-33084

all versions

Transient DOS while processing IE fragments from server during DTLS handshake.

7.5HIGH

CVE-2023-33066

all versions

Memory corruption in Audio while processing RT proxy port register driver.

8.4HIGH

CVE-2023-28582

all versions

Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake.

9.8CRITICAL