Known Vulnerabilities
CVE-2024-43052
Memory corruption while processing API calls to NPU with invalid input.
CVE-2024-33056
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
CVE-2024-38423
Memory corruption while processing GPU page table switch.
CVE-2024-38422
Memory corruption while processing voice packet with arbitrary data received from ADSP.
CVE-2024-23385
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.
CVE-2024-33052
Memory corruption when user provides data for FM HCI command control operations.
CVE-2024-33043
Transient DOS while handling PS event when Program Service name length offset value is set to 255.
CVE-2024-33042
Memory corruption when Alternative Frequency offset value is set to 255.
CVE-2024-23359
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
CVE-2024-23358
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.
CVE-2024-23353
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
CVE-2023-43551
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.
CVE-2024-21468
Memory corruption when there is failed unmap operation in GPU.
CVE-2023-33066
Memory corruption in Audio while processing RT proxy port register driver.
CVE-2023-33120
Memory corruption in Audio when memory map command is executed consecutively in ADSP.
CVE-2023-33110
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.
CVE-2023-33033
Memory corruption in Audio during playback with speaker protection.
CVE-2023-33030
Memory corruption in HLOS while running playready use-case.
CVE-2023-33107
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
CVE-2023-33018
Memory corruption while using the UIM diag command to get the operators name.
CVE-2023-33017
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
CVE-2023-28588
Transient DOS in Bluetooth Host while rfc slot allocation.
CVE-2023-28586
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
CVE-2023-28551
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
CVE-2023-28550
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
CVE-2023-33059
Memory corruption in Audio while processing the VOC packet data from ADSP.
CVE-2023-33031
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.
CVE-2023-22388
Memory Corruption in Multi-mode Call Processor while processing bit mask API.
CVE-2023-24849
Information Disclosure in data Modem while parsing an FMTP line in an SDP message.
CVE-2023-24848
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
CVE-2023-22385
Memory Corruption in Data Modem while making a MO call or MT VOLTE call.
CVE-2023-33020
Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.
CVE-2023-33019
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.
CVE-2023-22667
Memory Corruption in Audio while allocating the ion buffer during the music playback.
CVE-2023-21631
Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.
CVE-2023-21629
Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.
CVE-2022-40521
Transient DOS due to improper authorization in Modem
CVE-2022-40507
Memory corruption due to double free in Core while mapping HLOS address to the list.
CVE-2022-33264
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
CVE-2022-22076
information disclosure due to cryptographic issue in Core during RPMB read request.
CVE-2023-21666
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
CVE-2023-21665
Memory corruption in Graphics while importing a file.
CVE-2022-40532
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
CVE-2022-40503
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
CVE-2022-33302
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
CVE-2022-33289
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.
CVE-2022-33231
Memory corruption due to double free in core while initializing the encryption key.