Known Vulnerabilities
CVE-2024-33056
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
CVE-2024-38423
Memory corruption while processing GPU page table switch.
CVE-2024-38422
Memory corruption while processing voice packet with arbitrary data received from ADSP.
CVE-2024-33051
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
CVE-2024-23353
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
CVE-2023-43551
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.
CVE-2024-21468
Memory corruption when there is failed unmap operation in GPU.
CVE-2023-33066
Memory corruption in Audio while processing RT proxy port register driver.
CVE-2023-33069
Memory corruption in Audio while processing the calibration data returned from ACDB loader.
CVE-2023-33067
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
CVE-2023-43511
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.
CVE-2023-33120
Memory corruption in Audio when memory map command is executed consecutively in ADSP.
CVE-2023-33110
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.
CVE-2023-33033
Memory corruption in Audio during playback with speaker protection.
CVE-2023-33030
Memory corruption in HLOS while running playready use-case.
CVE-2023-33080
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.
CVE-2023-33018
Memory corruption while using the UIM diag command to get the operators name.
CVE-2023-33017
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
CVE-2023-28586
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
CVE-2023-28551
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
CVE-2023-28550
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
CVE-2023-33059
Memory corruption in Audio while processing the VOC packet data from ADSP.
CVE-2023-22388
Memory Corruption in Multi-mode Call Processor while processing bit mask API.
CVE-2023-24849
Information Disclosure in data Modem while parsing an FMTP line in an SDP message.
CVE-2023-24848
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
CVE-2023-22385
Memory Corruption in Data Modem while making a MO call or MT VOLTE call.
CVE-2023-33020
Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.
CVE-2023-33019
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.
CVE-2023-28565
Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
CVE-2023-28560
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
CVE-2023-21626
Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.
CVE-2022-40510
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
CVE-2023-21628
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
CVE-2022-40521
Transient DOS due to improper authorization in Modem
CVE-2022-40507
Memory corruption due to double free in Core while mapping HLOS address to the list.
CVE-2022-33264
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
CVE-2022-22076
information disclosure due to cryptographic issue in Core during RPMB read request.
CVE-2023-21666
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
CVE-2023-21665
Memory corruption in Graphics while importing a file.
CVE-2022-40505
Information disclosure due to buffer over-read in Modem while parsing DNS hostname.
CVE-2022-33304
Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.
CVE-2022-40532
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
CVE-2022-40503
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
CVE-2022-33302
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
CVE-2022-33295
Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.
CVE-2022-33294
Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message.
CVE-2022-33291
Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.
CVE-2022-33289
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.
CVE-2022-33287
Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.
CVE-2022-33259
Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received.
CVE-2022-33258
Information disclosure due to buffer over-read in modem while reading configuration parameters.
CVE-2022-33228
Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header.
CVE-2022-33223
Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding.
CVE-2022-33222
Information disclosure due to buffer over-read while parsing DNS response packets in Modem.
CVE-2022-33211
memory corruption in modem due to improper check while calculating size of serialized CoAP message
CVE-2022-25747
Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message
CVE-2022-25740
Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface
CVE-2022-25739
Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call
CVE-2022-25737
Information disclosure in modem due to missing NULL check while reading packets received from local network
CVE-2022-25731
Information disclosure in modem due to buffer over-read while processing packets from DNS server
CVE-2022-25730
Information disclosure in modem due to improper check of IP type while processing DNS server query
CVE-2022-25726
Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet
CVE-2022-25678
Memory correction in modem due to buffer overwrite during coap connection
CVE-2022-40531
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.
CVE-2022-40515
Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.
CVE-2022-33213
Memory corruption in modem due to buffer overflow while processing a PPP packet
CVE-2022-25705
Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response
CVE-2022-25694
Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM
CVE-2022-25655
Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.
CVE-2022-22075
Information Disclosure in Graphics during GPU context switch.
CVE-2022-40512
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
CVE-2022-33271
Information disclosure due to buffer over-read in WLAN while parsing NMF frame.
CVE-2022-33233
Memory corruption due to configuration weakness in modem wile sending command to write protected files.
CVE-2022-33229
Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.
CVE-2022-25738
Information disclosure in modem due to buffer over-red while performing checksum of packet received
CVE-2022-25735
Denial of service in modem due to missing null check while processing TCP or UDP packets from server
CVE-2022-25734
Denial of service in modem due to missing null check while processing IP packets with padding
CVE-2022-25733
Denial of service in modem due to null pointer dereference while processing DNS packets
CVE-2022-25732
Information disclosure in modem due to buffer over read in dns client due to missing length check
CVE-2022-25728
Information disclosure in modem due to buffer over-read while processing response from DNS server
CVE-2022-33286
Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.
CVE-2022-33285
Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.
CVE-2022-33266
Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content.