Known Vulnerabilities
CVE-2024-33056
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
CVE-2024-33044
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
CVE-2024-38423
Memory corruption while processing GPU page table switch.
CVE-2024-33016
memory corruption when an invalid firehose patch command is invoked.
CVE-2024-21469
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
CVE-2024-21465
Memory corruption while processing key blob passed by the user.
CVE-2024-21462
Transient DOS while loading the TA ELF file.
CVE-2024-21461
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
CVE-2023-43542
Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
CVE-2024-21475
Memory corruption when the payload received from firmware is not as per the expected protocol size.
CVE-2024-21468
Memory corruption when there is failed unmap operation in GPU.
CVE-2023-28547
Memory corruption in SPS Application while requesting for public key in sorter TA.
CVE-2023-43513
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.
CVE-2023-33077
Memory corruption in HLOS while converting from authorization token to HIDL vector.
CVE-2023-33060
Transient DOS in Core when DDR memory check is called while DDR is not initialized.
CVE-2023-33032
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.
CVE-2023-33030
Memory corruption in HLOS while running playready use-case.
CVE-2023-33107
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
CVE-2023-33070
Transient DOS in Automotive OS due to improper authentication to the secure IO calls.
CVE-2023-33063
Memory corruption in DSP Services during a remote call from HLOS to DSP.
CVE-2023-33017
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
CVE-2023-28586
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
CVE-2023-28585
Memory corruption while loading an ELF segment in TEE Kernel.
CVE-2023-28546
Memory Corruption in SPS Application while exporting public key in sorter TA.
CVE-2023-22383
Memory Corruption in camera while installing a fd for a particular DMA buffer.
CVE-2023-28556
Cryptographic issue in HLOS during key management.
CVE-2023-28554
Information Disclosure in Qualcomm IPC while reading values from shared memory in VM.
CVE-2023-24852
Memory Corruption in Core due to secure memory access by user while loading modem image.
CVE-2023-24853
Memory Corruption in HLOS while registering for key provisioning notify.
CVE-2023-28538
Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.
CVE-2023-21664
Memory Corruption in Core Platform while printing the response buffer in log.
CVE-2023-21662
Memory corruption in Core Platform while printing the response buffer in log.
CVE-2023-28575
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.
CVE-2023-21627
Memory corruption in Trusted Execution Environment while calling service API with invalid address.
CVE-2023-21626
Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.
CVE-2023-22387
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.
CVE-2023-21624
Information disclosure in DSP Services while loading dynamic module.
CVE-2023-21670
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
CVE-2022-40529
Memory corruption due to improper access control in kernel while processing a mapping request from root process.
CVE-2022-40507
Memory corruption due to double free in Core while mapping HLOS address to the list.
CVE-2022-33263
Memory corruption due to use after free in Core when multiple DCI clients register and deregister.
CVE-2022-33224
Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries.
CVE-2022-22076
information disclosure due to cryptographic issue in Core during RPMB read request.
CVE-2023-21666
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
CVE-2023-21665
Memory corruption in Graphics while importing a file.
CVE-2022-33231
Memory corruption due to double free in core while initializing the encryption key.
CVE-2022-33260
Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.
CVE-2022-33242
Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
CVE-2022-22075
Information Disclosure in Graphics during GPU context switch.
CVE-2022-33243
Memory corruption due to improper access control in Qualcomm IPC.
CVE-2022-40520
Memory corruption due to stack-based buffer overflow in Core
CVE-2022-40519
Information disclosure due to buffer overread in Core
CVE-2022-40518
Information disclosure due to buffer overread in Core
CVE-2022-40517
Memory corruption in core due to stack-based buffer overflow
CVE-2022-40516
Memory corruption in Core due to stack-based buffer overflow.
CVE-2022-25721
Memory corruption in video driver due to type confusion error during video playback
CVE-2022-25717
Memory corruption in display due to double free while allocating frame buffer memory
CVE-2022-25715
Memory corruption in display driver due to incorrect type casting while accessing the fence structure fields