Version QCA6564A

CVE-2024-45555

Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.

HIGH CVSS 8.4 Published Jan 06, 2025

CVE-2024-33067

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.

MEDIUM CVSS 6.1 Published Jan 06, 2025

CVE-2024-33056

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

HIGH CVSS 8.4 Published Dec 02, 2024

CVE-2024-33044

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

HIGH CVSS 8.4 Published Dec 02, 2024

CVE-2021-30299

Possible out of bound access in audio module due to lack of validation of user provided input.

MEDIUM CVSS 6.7 Published Nov 22, 2024

CVE-2024-38423

Memory corruption while processing GPU page table switch.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38422

Memory corruption while processing voice packet with arbitrary data received from ADSP.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38419

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38415

Memory corruption while handling session errors from firmware.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-33071

Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0.

HIGH CVSS 7.5 Published Oct 07, 2024

CVE-2024-33070

Transient DOS while parsing ESP IE from beacon/probe response frame.

HIGH CVSS 7.5 Published Oct 07, 2024

CVE-2024-33064

Information disclosure while parsing the multiple MBSSID IEs from the beacon.

HIGH CVSS 8.2 Published Oct 07, 2024

CVE-2024-33049

Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.

HIGH CVSS 7.5 Published Oct 07, 2024

CVE-2024-38402

Memory corruption while processing IOCTL call for getting group info.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously.

HIGH CVSS 8.4 Published Sep 02, 2024

CVE-2024-33052

Memory corruption when user provides data for FM HCI command control operations.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33051

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33050

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33045

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

HIGH CVSS 8.4 Published Sep 02, 2024

CVE-2024-33043

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

MEDIUM CVSS 5.5 Published Sep 02, 2024

CVE-2024-33042

Memory corruption when Alternative Frequency offset value is set to 255.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33016

memory corruption when an invalid firehose patch command is invoked.

MEDIUM CVSS 6.8 Published Sep 02, 2024

CVE-2024-23362

Cryptographic issue while parsing RSA keys in COBR format.

HIGH CVSS 7.1 Published Sep 02, 2024

CVE-2024-33028

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33023

Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33022

Memory corruption while allocating memory in HGSL driver.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33021

Memory corruption while processing IOCTL call to set metainfo.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33014

Transient DOS while parsing ESP IE from beacon/probe response frame.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33013

Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33012

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33011

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33010

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-23353

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-21481

Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-23373

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2024-23368

Memory corruption when allocating and accessing an entry in an SMEM partition.

HIGH CVSS 7.8 Published Jul 01, 2024

CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

HIGH CVSS 7.3 Published Jul 01, 2024

CVE-2024-21465

Memory corruption while processing key blob passed by the user.

HIGH CVSS 7.8 Published Jul 01, 2024

CVE-2024-21462

Transient DOS while loading the TA ELF file.

HIGH CVSS 7.1 Published Jul 01, 2024

CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2023-43555

Information disclosure in Video while parsing mp2 clip with invalid section length.

HIGH CVSS 8.2 Published Jun 03, 2024

CVE-2023-43551

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

CRITICAL CVSS 9.1 Published Jun 03, 2024

CVE-2023-43542

Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.

HIGH CVSS 7.8 Published Jun 03, 2024

CVE-2023-43538

Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.

CRITICAL CVSS 9.3 Published Jun 03, 2024

CVE-2024-21475

Memory corruption when the payload received from firmware is not as per the expected protocol size.

HIGH CVSS 7.8 Published May 06, 2024

CVE-2024-21471

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2023-43530

Memory corruption in HLOS while checking for the storage type.

MEDIUM CVSS 5.9 Published May 06, 2024

CVE-2023-43528

Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.

MEDIUM CVSS 6.1 Published May 06, 2024

CVE-2023-33119

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2024-21468

Memory corruption when there is failed unmap operation in GPU.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-33115

Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.

HIGH CVSS 7.8 Published Apr 01, 2024

CVE-2023-33023

Memory corruption while processing finish_sign command to pass a rsp buffer.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-28547

Memory corruption in SPS Application while requesting for public key in sorter TA.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-43550

Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.

HIGH CVSS 7.8 Published Mar 04, 2024

CVE-2023-43547

Memory corruption while invoking IOCTLs calls in Automotive Multimedia.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-43546

Memory corruption while invoking HGSL IOCTL context create.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-33066

Memory corruption in Audio while processing RT proxy port register driver.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-28578

Memory corruption in Core Services while executing the command for removing a single event listener.

CRITICAL CVSS 9.3 Published Mar 04, 2024

CVE-2023-43533

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

HIGH CVSS 7.5 Published Feb 06, 2024

CVE-2023-43513

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.

HIGH CVSS 7.8 Published Feb 06, 2024

CVE-2023-33076

Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.

MEDIUM CVSS 5.9 Published Feb 06, 2024

CVE-2023-33072

Memory corruption in Core while processing control functions.

CRITICAL CVSS 9.3 Published Feb 06, 2024

CVE-2023-33069

Memory corruption in Audio while processing the calibration data returned from ACDB loader.

MEDIUM CVSS 6.7 Published Feb 06, 2024

CVE-2023-33068

Memory corruption in Audio while processing IIR config data from AFE calibration block.

MEDIUM CVSS 6.7 Published Feb 06, 2024

CVE-2023-33067

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

MEDIUM CVSS 6.7 Published Feb 06, 2024

CVE-2023-33065

Information disclosure in Audio while accessing AVCS services from ADSP payload.

MEDIUM CVSS 6.1 Published Feb 06, 2024

CVE-2023-33064

Transient DOS in Audio when invoking callback function of ASM driver.

MEDIUM CVSS 5.5 Published Feb 06, 2024

CVE-2023-33060

Transient DOS in Core when DDR memory check is called while DDR is not initialized.

HIGH CVSS 7.1 Published Feb 06, 2024

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-33120

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

HIGH CVSS 7.8 Published Jan 02, 2024

CVE-2023-33110

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

HIGH CVSS 7.8 Published Jan 02, 2024

CVE-2023-33036

Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.

HIGH CVSS 7.1 Published Jan 02, 2024

CVE-2023-33033

Memory corruption in Audio during playback with speaker protection.

HIGH CVSS 8.4 Published Jan 02, 2024

CVE-2023-33032

Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.

CRITICAL CVSS 9.3 Published Jan 02, 2024

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CRITICAL CVSS 9.3 Published Jan 02, 2024

CVE-2023-33107

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

HIGH CVSS 8.4 Published Dec 05, 2023

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-33018

Memory corruption while using the UIM diag command to get the operators name.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-33017

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-28588

Transient DOS in Bluetooth Host while rfc slot allocation.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

MEDIUM CVSS 6.0 Published Dec 05, 2023

CVE-2023-28585

Memory corruption while loading an ELF segment in TEE Kernel.

HIGH CVSS 8.2 Published Dec 05, 2023

CVE-2023-28551

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-28546

Memory Corruption in SPS Application while exporting public key in sorter TA.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-33059

Memory corruption in Audio while processing the VOC packet data from ADSP.

HIGH CVSS 7.8 Published Nov 07, 2023

CVE-2023-33031

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.

HIGH CVSS 7.8 Published Nov 07, 2023

CVE-2023-28572

Memory corruption in WLAN HOST while processing the WLAN scan descriptor list.

MEDIUM CVSS 6.6 Published Nov 07, 2023

CVE-2023-28570

Memory corruption while processing audio effects.

MEDIUM CVSS 6.7 Published Nov 07, 2023

CVE-2023-28563

Information disclosure in IOE Firmware while handling WMI command.

MEDIUM CVSS 6.1 Published Nov 07, 2023

CVE-2023-28556

Cryptographic issue in HLOS during key management.

HIGH CVSS 7.1 Published Nov 07, 2023

CVE-2023-28545

Memory corruption in TZ Secure OS while loading an app ELF.

HIGH CVSS 8.2 Published Nov 07, 2023

CVE-2023-24852

Memory Corruption in Core due to secure memory access by user while loading modem image.

HIGH CVSS 8.4 Published Nov 07, 2023

CVE-2023-22388

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

CRITICAL CVSS 9.8 Published Nov 07, 2023

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn ies.

HIGH CVSS 7.5 Published Oct 03, 2023

CVE-2023-28571

Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.

MEDIUM CVSS 6.1 Published Oct 03, 2023

CVE-2023-24853

Memory Corruption in HLOS while registering for key provisioning notify.

HIGH CVSS 8.4 Published Oct 03, 2023

CVE-2023-24849

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

HIGH CVSS 8.2 Published Oct 03, 2023

CVE-2023-24848

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.

HIGH CVSS 8.2 Published Oct 03, 2023

CVE-2023-24847

Transient DOS in Modem while allocating DSM items.

HIGH CVSS 7.5 Published Oct 03, 2023

CVE-2023-22385

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

HIGH CVSS 8.2 Published Oct 03, 2023

CVE-2023-22382

Weak configuration in Automotive while VM is processing a listener request from TEE.

HIGH CVSS 7.4 Published Oct 03, 2023

CVE-2023-21673

Improper Access to the VM resource manager can lead to Memory Corruption.

HIGH CVSS 8.7 Published Oct 03, 2023

CVE-2023-33021

Memory corruption in Graphics while processing user packets for command submission.

HIGH CVSS 8.4 Published Sep 05, 2023

CVE-2023-33020

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

HIGH CVSS 7.5 Published Sep 05, 2023

CVE-2023-33019

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.

HIGH CVSS 7.5 Published Sep 05, 2023

CVE-2023-28567

Memory corruption in WLAN HAL while handling command through WMI interfaces.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28565

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28564

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28560

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28559

Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28558

Memory corruption in WLAN handler while processing PhyID in Tx status handler.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28557

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28549

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28544

Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28538

Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.

HIGH CVSS 8.4 Published Sep 05, 2023

CVE-2023-21664

Memory Corruption in Core Platform while printing the response buffer in log.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-21662

Memory corruption in Core Platform while printing the response buffer in log.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-21654

Memory corruption in Audio during playback session with audio effects enabled.

MEDIUM CVSS 6.7 Published Sep 05, 2023

CVE-2023-28555

Transient DOS in Audio while remapping channel buffer in media codec decoding.

HIGH CVSS 7.5 Published Aug 08, 2023

CVE-2023-28537

Memory corruption while allocating memory in COmxApeDec module in Audio.

HIGH CVSS 8.4 Published Aug 08, 2023

CVE-2023-22666

Memory Corruption in Audio while playing amrwbplus clips with modified content.

HIGH CVSS 8.4 Published Aug 08, 2023

CVE-2023-21651

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

CRITICAL CVSS 9.3 Published Aug 08, 2023

CVE-2023-21649

Memory corruption in WLAN while running doDriverCmd for an unspecific command.

MEDIUM CVSS 6.7 Published Aug 08, 2023

CVE-2023-21643

Memory corruption due to untrusted pointer dereference in automotive during system call.

CRITICAL CVSS 9.1 Published Aug 08, 2023

CVE-2023-21626

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

HIGH CVSS 7.1 Published Aug 08, 2023

CVE-2023-21625

Information disclosure in Network Services due to buffer over-read while the device receives DNS response.

HIGH CVSS 8.2 Published Aug 08, 2023

CVE-2022-40510

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

CRITICAL CVSS 9.8 Published Aug 08, 2023

CVE-2023-28542

Memory Corruption in WLAN HOST while fetching TX status information.

HIGH CVSS 7.8 Published Jul 04, 2023

CVE-2023-28541

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

HIGH CVSS 7.8 Published Jul 04, 2023

CVE-2023-22667

Memory Corruption in Audio while allocating the ion buffer during the music playback.

HIGH CVSS 8.4 Published Jul 04, 2023

CVE-2023-21633

Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.

MEDIUM CVSS 6.7 Published Jul 04, 2023

CVE-2023-21631

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.

HIGH CVSS 7.5 Published Jul 04, 2023

CVE-2023-21629

Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.

MEDIUM CVSS 6.8 Published Jul 04, 2023

CVE-2023-21632

Memory corruption in Automotive GPU while querying a gsl memory node.

HIGH CVSS 8.4 Published Jun 06, 2023

CVE-2023-21628

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

HIGH CVSS 8.4 Published Jun 06, 2023

CVE-2022-40529

Memory corruption due to improper access control in kernel while processing a mapping request from root process.

HIGH CVSS 7.1 Published Jun 06, 2023

CVE-2022-40523

Information disclosure in Kernel due to indirect branch misprediction.

HIGH CVSS 7.1 Published Jun 06, 2023

CVE-2022-40521

Transient DOS due to improper authorization in Modem

HIGH CVSS 7.5 Published Jun 06, 2023

CVE-2022-40507

Memory corruption due to double free in Core while mapping HLOS address to the list.

HIGH CVSS 8.4 Published Jun 06, 2023

CVE-2022-33307

Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.

HIGH CVSS 8.4 Published Jun 06, 2023

CVE-2022-33264

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

HIGH CVSS 7.9 Published Jun 06, 2023

CVE-2022-22076

information disclosure due to cryptographic issue in Core during RPMB read request.

HIGH CVSS 7.1 Published Jun 06, 2023

CVE-2022-33273

Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.

HIGH CVSS 7.3 Published May 02, 2023

CVE-2023-21666

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

HIGH CVSS 8.4 Published May 02, 2023

CVE-2023-21665

Memory corruption in Graphics while importing a file.

HIGH CVSS 8.4 Published May 02, 2023

CVE-2022-40532

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

HIGH CVSS 8.4 Published Apr 04, 2023

CVE-2022-40503

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

HIGH CVSS 8.2 Published Apr 04, 2023

CVE-2022-33302

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

MEDIUM CVSS 6.8 Published Apr 04, 2023

CVE-2022-33296

Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message.

MEDIUM CVSS 5.9 Published Apr 04, 2023

CVE-2022-33289

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

MEDIUM CVSS 6.8 Published Apr 04, 2023

CVE-2022-33288

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.

CRITICAL CVSS 9.3 Published Apr 04, 2023

CVE-2022-33269

Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.

CRITICAL CVSS 9.3 Published Apr 04, 2023

CVE-2022-33231

Memory corruption due to double free in core while initializing the encryption key.

CRITICAL CVSS 9.3 Published Apr 04, 2023

CVE-2022-40537

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

HIGH CVSS 7.3 Published Mar 07, 2023

CVE-2022-40531

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

HIGH CVSS 8.4 Published Mar 07, 2023

CVE-2022-40515

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

HIGH CVSS 7.3 Published Mar 07, 2023

CVE-2022-33257

Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.

CRITICAL CVSS 9.3 Published Mar 07, 2023

CVE-2022-33245

Memory corruption in WLAN due to use after free

MEDIUM CVSS 6.7 Published Mar 07, 2023

CVE-2022-33242

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.

HIGH CVSS 7.8 Published Mar 07, 2023

CVE-2022-33213

Memory corruption in modem due to buffer overflow while processing a PPP packet

HIGH CVSS 7.5 Published Mar 07, 2023

CVE-2022-25705

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response

HIGH CVSS 7.8 Published Mar 07, 2023

CVE-2022-25694

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

HIGH CVSS 8.4 Published Mar 07, 2023

CVE-2022-25655

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.

HIGH CVSS 8.4 Published Mar 07, 2023

CVE-2022-22075

Information Disclosure in Graphics during GPU context switch.

MEDIUM CVSS 6.2 Published Mar 07, 2023

CVE-2022-40514

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.

CRITICAL CVSS 9.8 Published Feb 09, 2023

CVE-2022-40512

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

HIGH CVSS 7.5 Published Feb 09, 2023

CVE-2022-33280

Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet.

HIGH CVSS 7.3 Published Feb 09, 2023

CVE-2022-33271

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

HIGH CVSS 8.2 Published Feb 09, 2023

CVE-2022-33248

Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.

HIGH CVSS 7.8 Published Feb 09, 2023

CVE-2022-33246

Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id.

MEDIUM CVSS 6.7 Published Feb 09, 2023

CVE-2022-33243

Memory corruption due to improper access control in Qualcomm IPC.

HIGH CVSS 8.4 Published Feb 09, 2023

CVE-2022-33233

Memory corruption due to configuration weakness in modem wile sending command to write protected files.

HIGH CVSS 7.8 Published Feb 09, 2023

CVE-2022-33232

Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.

CRITICAL CVSS 9.3 Published Feb 09, 2023

CVE-2022-33225

Memory corruption due to use after free in trusted application environment.

MEDIUM CVSS 6.7 Published Feb 09, 2023

CVE-2022-40520

Memory corruption due to stack-based buffer overflow in Core

HIGH CVSS 8.4 Published Jan 06, 2023

CVE-2022-40519

Information disclosure due to buffer overread in Core

MEDIUM CVSS 6.8 Published Jan 06, 2023

CVE-2022-40518

Information disclosure due to buffer overread in Core

MEDIUM CVSS 6.8 Published Jan 06, 2023

CVE-2022-40517

Memory corruption in core due to stack-based buffer overflow

HIGH CVSS 8.4 Published Jan 06, 2023

CVE-2022-40516

Memory corruption in Core due to stack-based buffer overflow.

HIGH CVSS 8.4 Published Jan 06, 2023

CVE-2022-33299

Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data.

HIGH CVSS 7.5 Published Jan 06, 2023

CVE-2022-33290

Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed.

HIGH CVSS 7.5 Published Jan 06, 2023

CVE-2022-33286

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

HIGH CVSS 7.5 Published Jan 06, 2023

CVE-2022-33285

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

HIGH CVSS 7.5 Published Jan 06, 2023

CVE-2022-33266

Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content.

MEDIUM CVSS 5.9 Published Jan 06, 2023

CVE-2022-33219

Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer.

CRITICAL CVSS 9.3 Published Jan 06, 2023

CVE-2022-33218

Memory corruption in Automotive due to improper input validation.

HIGH CVSS 8.2 Published Jan 06, 2023

CVE-2022-25746

Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping.

HIGH CVSS 8.1 Published Jan 06, 2023

CVE-2022-25717

Memory corruption in display due to double free while allocating frame buffer memory

MEDIUM CVSS 6.7 Published Jan 06, 2023

CVE-2022-22088

Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote

CRITICAL CVSS 9.8 Published Jan 06, 2023

CVE-2022-22079

Denial of service while processing fastboot flash command on mmc due to buffer over read

MEDIUM CVSS 4.6 Published Jan 06, 2023