Known Vulnerabilities
CVE-2024-43052
Memory corruption while processing API calls to NPU with invalid input.
CVE-2024-33056
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
CVE-2024-33053
Memory corruption when multiple threads try to unregister the CVP buffer at the same time.
CVE-2024-33044
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
CVE-2024-33037
Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.
CVE-2024-33036
Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.
CVE-2024-38423
Memory corruption while processing GPU page table switch.
CVE-2024-38422
Memory corruption while processing voice packet with arbitrary data received from ADSP.
CVE-2024-38415
Memory corruption while handling session errors from firmware.
CVE-2024-38408
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
CVE-2024-33032
Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.
CVE-2024-33051
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
CVE-2024-33016
memory corruption when an invalid firehose patch command is invoked.
CVE-2024-23364
Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).
CVE-2024-21469
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
CVE-2024-21461
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
CVE-2024-21468
Memory corruption when there is failed unmap operation in GPU.
CVE-2023-33023
Memory corruption while processing finish_sign command to pass a rsp buffer.
CVE-2023-28547
Memory corruption in SPS Application while requesting for public key in sorter TA.
CVE-2023-33066
Memory corruption in Audio while processing RT proxy port register driver.
CVE-2023-28578
Memory corruption in Core Services while executing the command for removing a single event listener.
CVE-2023-43522
Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.
CVE-2023-33107
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
CVE-2023-33063
Memory corruption in DSP Services during a remote call from HLOS to DSP.
CVE-2023-33027
Transient DOS in WLAN Firmware while parsing rsn ies.
CVE-2023-28558
Memory corruption in WLAN handler while processing PhyID in Tx status handler.
CVE-2023-21651
Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
CVE-2022-40510
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
CVE-2023-22386
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
CVE-2022-33267
Memory corruption in Linux while sending DRM request.
CVE-2023-21665
Memory corruption in Graphics while importing a file.
CVE-2022-33257
Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.
CVE-2022-33242
Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
CVE-2022-40512
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
CVE-2022-33271
Information disclosure due to buffer over-read in WLAN while parsing NMF frame.
CVE-2022-33232
Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.