Version QCN7606

CVE-2024-45542

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.

HIGH CVSS 7.8 Published Jan 06, 2025

CVE-2024-45541

Memory corruption when IOCTL call is invoked from user-space to read board data.

HIGH CVSS 7.8 Published Jan 06, 2025

CVE-2024-43050

Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.

HIGH CVSS 7.8 Published Dec 02, 2024

CVE-2024-38408

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

HIGH CVSS 8.2 Published Nov 04, 2024

CVE-2024-33051

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33016

memory corruption when an invalid firehose patch command is invoked.

MEDIUM CVSS 6.8 Published Sep 02, 2024

CVE-2024-23362

Cryptographic issue while parsing RSA keys in COBR format.

HIGH CVSS 7.1 Published Sep 02, 2024

CVE-2024-23357

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

MEDIUM CVSS 6.2 Published Aug 05, 2024

CVE-2024-23356

Memory corruption during session sign renewal request calls in HLOS.

HIGH CVSS 7.8 Published Aug 05, 2024

CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

HIGH CVSS 7.3 Published Jul 01, 2024

CVE-2024-21465

Memory corruption while processing key blob passed by the user.

HIGH CVSS 7.8 Published Jul 01, 2024

CVE-2024-21462

Transient DOS while loading the TA ELF file.

HIGH CVSS 7.1 Published Jul 01, 2024

CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2023-43542

Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.

HIGH CVSS 7.8 Published Jun 03, 2024

CVE-2023-33023

Memory corruption while processing finish_sign command to pass a rsp buffer.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-28547

Memory corruption in SPS Application while requesting for public key in sorter TA.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-43548

Memory corruption while parsing qcp clip with invalid chunk data size.

HIGH CVSS 7.3 Published Mar 04, 2024

CVE-2023-43536

Transient DOS while parse fils IE with length equal to 1.

HIGH CVSS 7.5 Published Feb 06, 2024

CVE-2023-43519

Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.

HIGH CVSS 7.3 Published Feb 06, 2024

CVE-2023-43518

Memory corruption in video while parsing invalid mp2 clip.

HIGH CVSS 7.3 Published Feb 06, 2024

CVE-2023-33072

Memory corruption in Core while processing control functions.

CRITICAL CVSS 9.3 Published Feb 06, 2024

CVE-2023-43512

Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-33109

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-33062

Transient DOS in WLAN Firmware while parsing a BTM request.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CRITICAL CVSS 9.3 Published Jan 02, 2024

CVE-2023-33098

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-33088

Memory corruption when processing cmd parameters while parsing vdev.

HIGH CVSS 8.4 Published Dec 05, 2023

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-33022

Memory corruption in HLOS while invoking IOCTL calls from user-space.

HIGH CVSS 8.4 Published Dec 05, 2023

CVE-2023-33017

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-28588

Transient DOS in Bluetooth Host while rfc slot allocation.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-28587

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

MEDIUM CVSS 6.0 Published Dec 05, 2023

CVE-2023-28585

Memory corruption while loading an ELF segment in TEE Kernel.

HIGH CVSS 8.2 Published Dec 05, 2023

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-28546

Memory Corruption in SPS Application while exporting public key in sorter TA.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-28569

Information disclosure in WLAN HAL while handling command through WMI interfaces.

MEDIUM CVSS 6.1 Published Nov 07, 2023

CVE-2023-28566

Information disclosure in WLAN HAL while handling the WMI state info command.

MEDIUM CVSS 6.1 Published Nov 07, 2023

CVE-2023-28563

Information disclosure in IOE Firmware while handling WMI command.

MEDIUM CVSS 6.1 Published Nov 07, 2023

CVE-2023-28556

Cryptographic issue in HLOS during key management.

HIGH CVSS 7.1 Published Nov 07, 2023

CVE-2023-28545

Memory corruption in TZ Secure OS while loading an app ELF.

HIGH CVSS 8.2 Published Nov 07, 2023

CVE-2023-24852

Memory Corruption in Core due to secure memory access by user while loading modem image.

HIGH CVSS 8.4 Published Nov 07, 2023

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn ies.

HIGH CVSS 7.5 Published Oct 03, 2023

CVE-2023-24850

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.

HIGH CVSS 7.8 Published Oct 03, 2023

CVE-2023-24847

Transient DOS in Modem while allocating DSM items.

HIGH CVSS 7.5 Published Oct 03, 2023

CVE-2023-33015

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

HIGH CVSS 7.5 Published Sep 05, 2023

CVE-2023-28567

Memory corruption in WLAN HAL while handling command through WMI interfaces.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28565

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28564

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28562

Memory corruption while handling payloads from remote ESL.

CRITICAL CVSS 9.8 Published Sep 05, 2023

CVE-2023-28560

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28559

Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28558

Memory corruption in WLAN handler while processing PhyID in Tx status handler.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28557

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28544

Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28538

Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.

HIGH CVSS 8.4 Published Sep 05, 2023

CVE-2023-28561

Memory corruption in QESL while processing payload from external ESL device to firmware.

CRITICAL CVSS 9.8 Published Aug 08, 2023

CVE-2023-21652

Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.

HIGH CVSS 7.7 Published Aug 08, 2023

CVE-2023-21651

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

CRITICAL CVSS 9.3 Published Aug 08, 2023

CVE-2023-21626

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

HIGH CVSS 7.1 Published Aug 08, 2023

CVE-2023-28541

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

HIGH CVSS 7.8 Published Jul 04, 2023

CVE-2023-21628

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

HIGH CVSS 8.4 Published Jun 06, 2023

CVE-2022-40523

Information disclosure in Kernel due to indirect branch misprediction.

HIGH CVSS 7.1 Published Jun 06, 2023

CVE-2022-40507

Memory corruption due to double free in Core while mapping HLOS address to the list.

HIGH CVSS 8.4 Published Jun 06, 2023

CVE-2022-22076

information disclosure due to cryptographic issue in Core during RPMB read request.

HIGH CVSS 7.1 Published Jun 06, 2023

CVE-2022-40532

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

HIGH CVSS 8.4 Published Apr 04, 2023

CVE-2022-40503

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

HIGH CVSS 8.2 Published Apr 04, 2023

CVE-2022-33231

Memory corruption due to double free in core while initializing the encryption key.

CRITICAL CVSS 9.3 Published Apr 04, 2023

CVE-2022-40537

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

HIGH CVSS 7.3 Published Mar 07, 2023

CVE-2022-40531

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

HIGH CVSS 8.4 Published Mar 07, 2023

CVE-2022-40530

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

HIGH CVSS 8.4 Published Mar 07, 2023

CVE-2022-40515

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

HIGH CVSS 7.3 Published Mar 07, 2023

CVE-2022-33278

Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.

HIGH CVSS 7.8 Published Mar 07, 2023

CVE-2022-33257

Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.

CRITICAL CVSS 9.3 Published Mar 07, 2023

CVE-2022-33245

Memory corruption in WLAN due to use after free

MEDIUM CVSS 6.7 Published Mar 07, 2023

CVE-2022-22075

Information Disclosure in Graphics during GPU context switch.

MEDIUM CVSS 6.2 Published Mar 07, 2023

CVE-2022-40512

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

HIGH CVSS 7.5 Published Feb 09, 2023

CVE-2022-33277

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.

HIGH CVSS 8.4 Published Feb 09, 2023

CVE-2022-33271

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

HIGH CVSS 8.2 Published Feb 09, 2023

CVE-2022-40519

Information disclosure due to buffer overread in Core

MEDIUM CVSS 6.8 Published Jan 06, 2023

CVE-2022-40518

Information disclosure due to buffer overread in Core

MEDIUM CVSS 6.8 Published Jan 06, 2023

CVE-2022-40517

Memory corruption in core due to stack-based buffer overflow

HIGH CVSS 8.4 Published Jan 06, 2023

CVE-2022-40516

Memory corruption in Core due to stack-based buffer overflow.

HIGH CVSS 8.4 Published Jan 06, 2023

CVE-2022-33286

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

HIGH CVSS 7.5 Published Jan 06, 2023

CVE-2022-33285

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

HIGH CVSS 7.5 Published Jan 06, 2023

CVE-2022-22088

Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote

CRITICAL CVSS 9.8 Published Jan 06, 2023