Known Vulnerabilities
CVE-2024-33056
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
CVE-2018-11816
Crafted Binder Request Causes Heap UAF in MediaServer
CVE-2016-10408
QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.
CVE-2017-18153
A race condition exists in a driver potentially leading to a use-after-free condition.
CVE-2024-38423
Memory corruption while processing GPU page table switch.
CVE-2024-38422
Memory corruption while processing voice packet with arbitrary data received from ADSP.
CVE-2024-33051
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
CVE-2024-23359
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
CVE-2024-23353
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
CVE-2023-43551
Cryptographic issue while performing attach with an LTE network: a rogue base station can skip the authentication phase and immediately send the Security Mode Command.
CVE-2024-21468
Memory corruption when there is failed unmap operation in GPU.
CVE-2023-33066
Memory corruption in Audio while processing RT proxy port register driver.
CVE-2023-33069
Memory corruption in Audio while processing the calibration data returned from ACDB loader.
CVE-2023-33067
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
CVE-2023-43511
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.
CVE-2023-33120
Memory corruption in Audio when memory map command is executed consecutively in ADSP.
CVE-2023-33110
The session index variable in the PCM host voice audio driver is initialized before PCM open, accessed during the event callback from ADSP, and reset during PCM close; a race between the event callback and PCM close resetting the session index may cause memory corruption.
CVE-2023-33033
Memory corruption in Audio during playback with speaker protection.
CVE-2023-33030
Memory corruption in HLOS while running playready use-case.
CVE-2023-33080
Transient DOS while parsing a vendor-specific IE (Information Element) of a reassociation response management frame.
CVE-2023-33018
Memory corruption while using the UIM diag command to get the operator's name.
CVE-2023-33017
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
CVE-2023-28551
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
CVE-2023-28550
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
CVE-2023-33059
Memory corruption in Audio while processing the VOC packet data from ADSP.
CVE-2023-22388
Memory Corruption in Multi-mode Call Processor while processing bit mask API.
CVE-2023-24849
Information Disclosure in Data Modem while parsing an FMTP line in an SDP message.
CVE-2023-24848
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
CVE-2023-22385
Memory Corruption in Data Modem while making a MO call or MT VoLTE call.
CVE-2023-33020
Transient DOS in WLAN Host when an invalid channel (e.g. a channel out of range) is received by a STA in a CSA IE.
CVE-2023-33019
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.
CVE-2022-40521
Transient DOS due to improper authorization in Modem.
CVE-2022-40507
Memory corruption due to double free in Core while mapping HLOS address to the list.
CVE-2022-22076
Information disclosure due to cryptographic issue in Core during RPMB read request.
CVE-2023-21666
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
CVE-2023-21665
Memory corruption in Graphics while importing a file.
CVE-2022-40505
Information disclosure due to buffer over-read in Modem while parsing DNS hostname.
CVE-2022-33304
Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.
CVE-2022-40503
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
CVE-2022-33302
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
CVE-2022-33295
Information disclosure in Modem due to buffer over-read while parsing a received WMS message, given the buffer and its length.
CVE-2022-33294
Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message.
CVE-2022-33291
Information disclosure in Modem due to buffer over-read while receiving an IP header with malformed length.
CVE-2022-33289
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.
CVE-2022-33287
Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.
CVE-2022-33259
Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received.
CVE-2022-33258
Information disclosure due to buffer over-read in modem while reading configuration parameters.
CVE-2022-33228
Information disclosure due to buffer over-read in modem while processing an IPv6 packet with a hop-by-hop or destination option in the header.
CVE-2022-33223
Transient DOS in Modem due to NULL pointer dereference while processing an incoming packet with HTTP chunked encoding.
CVE-2022-33222
Information disclosure due to buffer over-read while parsing DNS response packets in Modem.
CVE-2022-33211
Memory corruption in modem due to improper check while calculating the size of a serialized CoAP message.
CVE-2022-25747
Information disclosure in modem due to improper input validation during parsing of an incoming CoAP message.
CVE-2022-25740
Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface.
CVE-2022-25739
Denial of service in modem due to missing NULL check while processing an IPv6 packet received during an ECM call.
CVE-2022-25737
Information disclosure in modem due to missing NULL check while reading packets received from the local network.
CVE-2022-25731
Information disclosure in modem due to buffer over-read while processing packets from a DNS server.
CVE-2022-25730
Information disclosure in modem due to improper check of IP type while processing a DNS server query.
CVE-2022-25726
Information disclosure in modem data due to array out-of-bounds access while handling an incoming DNS response packet.
CVE-2022-25678
Memory corruption in modem due to buffer overwrite during CoAP connection.