Known Vulnerabilities
CVE-2024-45553
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.
CVE-2024-33056
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
CVE-2024-33044
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
CVE-2024-38419
Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.
CVE-2024-23369
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
CVE-2024-38402
Memory corruption while processing IOCTL call for getting group info.
CVE-2024-33060
Memory corruption when two threads try to map and unmap a single node simultaneously.
CVE-2024-33045
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
CVE-2024-33016
memory corruption when an invalid firehose patch command is invoked.
CVE-2024-23362
Cryptographic issue while parsing RSA keys in COBR format.
CVE-2024-33028
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
CVE-2024-33022
Memory corruption while allocating memory in HGSL driver.
CVE-2024-33021
Memory corruption while processing IOCTL call to set metainfo.
CVE-2024-23357
Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.
CVE-2024-23356
Memory corruption during session sign renewal request calls in HLOS.
CVE-2024-23355
Memory corruption when keymaster operation imports a shared key.
CVE-2024-21481
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
CVE-2024-23368
Memory corruption when allocating and accessing an entry in an SMEM partition.
CVE-2024-21469
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
CVE-2024-21465
Memory corruption while processing key blob passed by the user.
CVE-2024-21462
Transient DOS while loading the TA ELF file.
CVE-2024-21461
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
CVE-2023-43542
Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
CVE-2023-43538
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
CVE-2024-21475
Memory corruption when the payload received from firmware is not as per the expected protocol size.
CVE-2023-43531
Memory corruption while verifying the serialized header when the key pairs are generated.
CVE-2023-43530
Memory corruption in HLOS while checking for the storage type.
CVE-2023-33119
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
CVE-2023-33115
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
CVE-2023-33023
Memory corruption while processing finish_sign command to pass a rsp buffer.
CVE-2023-28547
Memory corruption in SPS Application while requesting for public key in sorter TA.
CVE-2023-43550
Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.
CVE-2023-43547
Memory corruption while invoking IOCTLs calls in Automotive Multimedia.
CVE-2023-43546
Memory corruption while invoking HGSL IOCTL context create.
CVE-2023-28578
Memory corruption in Core Services while executing the command for removing a single event listener.
CVE-2023-43513
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.
CVE-2023-33076
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
CVE-2023-33072
Memory corruption in Core while processing control functions.
CVE-2023-43514
Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.
CVE-2023-33113
Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
CVE-2023-33085
Memory corruption in wearables while processing data from AON.
CVE-2023-33087
Memory corruption in Core while processing RX intent request.
CVE-2023-33022
Memory corruption in HLOS while invoking IOCTL calls from user-space.
CVE-2023-33017
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
CVE-2023-28586
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
CVE-2023-28585
Memory corruption while loading an ELF segment in TEE Kernel.
CVE-2023-28551
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
CVE-2023-28550
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
CVE-2023-28546
Memory Corruption in SPS Application while exporting public key in sorter TA.
CVE-2023-28574
Memory corruption in core services when Diag handler receives a command to configure event listeners.
CVE-2023-28556
Cryptographic issue in HLOS during key management.
CVE-2023-28545
Memory corruption in TZ Secure OS while loading an app ELF.
CVE-2023-24852
Memory Corruption in Core due to secure memory access by user while loading modem image.
CVE-2023-33029
Memory corruption in DSP Service during a remote call from HLOS to DSP.
CVE-2023-24853
Memory Corruption in HLOS while registering for key provisioning notify.
CVE-2023-24850
Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
CVE-2023-24847
Transient DOS in Modem while allocating DSM items.
CVE-2023-24844
Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.
CVE-2023-21673
Improper Access to the VM resource manager can lead to Memory Corruption.