Version SDX20M

CVE-2024-33056

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

HIGH CVSS 8.4 Published Dec 02, 2024

CVE-2024-38423

Memory corruption while processing GPU page table switch.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38422

Memory corruption while processing voice packet with arbitrary data received from ADSP.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously.

HIGH CVSS 8.4 Published Sep 02, 2024

CVE-2024-33051

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33016

memory corruption when an invalid firehose patch command is invoked.

MEDIUM CVSS 6.8 Published Sep 02, 2024

CVE-2024-21471

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2024-21468

Memory corruption when there is failed unmap operation in GPU.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-33120

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

HIGH CVSS 7.8 Published Jan 02, 2024

CVE-2023-33110

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

HIGH CVSS 7.8 Published Jan 02, 2024

CVE-2023-33107

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

HIGH CVSS 8.4 Published Dec 05, 2023

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-33059

Memory corruption in Audio while processing the VOC packet data from ADSP.

HIGH CVSS 7.8 Published Nov 07, 2023

CVE-2023-33020

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

HIGH CVSS 7.5 Published Sep 05, 2023

CVE-2023-33019

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.

HIGH CVSS 7.5 Published Sep 05, 2023

CVE-2023-28565

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28564

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28542

Memory Corruption in WLAN HOST while fetching TX status information.

HIGH CVSS 7.8 Published Jul 04, 2023

CVE-2023-28541

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

HIGH CVSS 7.8 Published Jul 04, 2023

CVE-2023-21628

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

HIGH CVSS 8.4 Published Jun 06, 2023

CVE-2023-21666

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

HIGH CVSS 8.4 Published May 02, 2023

CVE-2023-21665

Memory corruption in Graphics while importing a file.

HIGH CVSS 8.4 Published May 02, 2023

CVE-2022-40532

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

HIGH CVSS 8.4 Published Apr 04, 2023

CVE-2022-40503

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

HIGH CVSS 8.2 Published Apr 04, 2023

CVE-2022-40537

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

HIGH CVSS 7.3 Published Mar 07, 2023

CVE-2022-40531

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

HIGH CVSS 8.4 Published Mar 07, 2023

CVE-2022-40515

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

HIGH CVSS 7.3 Published Mar 07, 2023

CVE-2022-25655

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.

HIGH CVSS 8.4 Published Mar 07, 2023

CVE-2022-22075

Information Disclosure in Graphics during GPU context switch.

MEDIUM CVSS 6.2 Published Mar 07, 2023

CVE-2022-40512

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

HIGH CVSS 7.5 Published Feb 09, 2023

CVE-2022-33280

Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet.

HIGH CVSS 7.3 Published Feb 09, 2023

CVE-2022-33271

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

HIGH CVSS 8.2 Published Feb 09, 2023

CVE-2022-33299

Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data.

HIGH CVSS 7.5 Published Jan 06, 2023

CVE-2022-33290

Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed.

HIGH CVSS 7.5 Published Jan 06, 2023

CVE-2022-33286

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

HIGH CVSS 7.5 Published Jan 06, 2023

CVE-2022-33285

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

HIGH CVSS 7.5 Published Jan 06, 2023

CVE-2022-33266

Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content.

MEDIUM CVSS 5.9 Published Jan 06, 2023

CVE-2022-22079

Denial of service while processing fastboot flash command on mmc due to buffer over read

MEDIUM CVSS 4.6 Published Jan 06, 2023