Known Vulnerabilities
CVE-2024-43052
Memory corruption while processing API calls to NPU with invalid input.
CVE-2024-23385
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.
CVE-2024-23359
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
CVE-2024-23358
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.
CVE-2024-23357
Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.
CVE-2024-23353
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
CVE-2024-21461
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
CVE-2023-43551
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.
CVE-2023-33023
Memory corruption while processing finish_sign command to pass a rsp buffer.
CVE-2023-28547
Memory corruption in SPS Application while requesting for public key in sorter TA.
CVE-2023-33066
Memory corruption in Audio while processing RT proxy port register driver.
CVE-2023-33033
Memory corruption in Audio during playback with speaker protection.
CVE-2023-33030
Memory corruption in HLOS while running playready use-case.
CVE-2023-33018
Memory corruption while using the UIM diag command to get the operators name.
CVE-2023-28551
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
CVE-2023-28550
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
CVE-2023-28546
Memory Corruption in SPS Application while exporting public key in sorter TA.
CVE-2023-22388
Memory Corruption in Multi-mode Call Processor while processing bit mask API.
CVE-2023-24850
Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
CVE-2023-24849
Information Disclosure in data Modem while parsing an FMTP line in an SDP message.
CVE-2023-24848
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
CVE-2023-22385
Memory Corruption in Data Modem while making a MO call or MT VOLTE call.
CVE-2023-21631
Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.
CVE-2023-21629
Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.
CVE-2022-40521
Transient DOS due to improper authorization in Modem
CVE-2022-33264
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
CVE-2022-22076
information disclosure due to cryptographic issue in Core during RPMB read request.
CVE-2022-40532
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
CVE-2022-33302
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
CVE-2022-33289
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.