Known Vulnerabilities
CVE-2024-43053
Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information.
CVE-2024-43052
Memory corruption while processing API calls to NPU with invalid input.
CVE-2024-43050
Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.
CVE-2024-43049
Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.
CVE-2024-43048
Memory corruption when invalid input is passed to invoke GPU Headroom API call.
CVE-2024-33063
Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.
CVE-2024-33056
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
CVE-2024-33044
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
CVE-2024-38424
Memory corruption during GNSS HAL process initialization.
CVE-2024-38423
Memory corruption while processing GPU page table switch.
CVE-2024-38422
Memory corruption while processing voice packet with arbitrary data received from ADSP.
CVE-2024-38410
Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.
CVE-2024-38409
Memory corruption while station LL statistic handling.
CVE-2024-38407
Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.
CVE-2024-38406
Memory corruption while handling IOCTL calls in JPEG Encoder driver.
CVE-2024-38403
Transient DOS while parsing BTM ML IE when per STA profile is not included.
CVE-2024-33068
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
CVE-2024-33031
Memory corruption while processing the update SIM PB records request.
CVE-2024-23386
memory corruption when WiFi display APIs are invoked with large random inputs.
CVE-2024-23385
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.
CVE-2024-33060
Memory corruption when two threads try to map and unmap a single node simultaneously.
CVE-2024-33054
Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.
CVE-2024-33052
Memory corruption when user provides data for FM HCI command control operations.
CVE-2024-33048
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
CVE-2024-33047
Memory corruption when the captureRead QDCM command is invoked from user-space.
CVE-2024-33042
Memory corruption when Alternative Frequency offset value is set to 255.
CVE-2024-33016
memory corruption when an invalid firehose patch command is invoked.
CVE-2024-23365
Memory corruption while releasing shared resources in MinkSocket listener thread.
CVE-2024-23364
Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).
CVE-2024-23359
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
CVE-2024-23358
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.
CVE-2024-33027
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
CVE-2024-23353
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
CVE-2024-23368
Memory corruption when allocating and accessing an entry in an SMEM partition.
CVE-2024-21461
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
CVE-2023-43527
Information disclosure while parsing dts header atom in Video.
CVE-2024-21468
Memory corruption when there is failed unmap operation in GPU.
CVE-2023-33023
Memory corruption while processing finish_sign command to pass a rsp buffer.
CVE-2023-28547
Memory corruption in SPS Application while requesting for public key in sorter TA.
CVE-2023-33067
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
CVE-2023-33065
Information disclosure in Audio while accessing AVCS services from ADSP payload.
CVE-2023-33107
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
CVE-2023-33063
Memory corruption in DSP Services during a remote call from HLOS to DSP.
CVE-2022-40510
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
CVE-2023-28541
Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.
CVE-2023-21669
Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address.
CVE-2023-21657
Memoru corruption in Audio when ADSP sends input during record use case.
CVE-2022-33267
Memory corruption in Linux while sending DRM request.
CVE-2022-33264
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
CVE-2022-33227
Memory corruption in Linux android due to double free while calling unregister provider after register call.
CVE-2023-21665
Memory corruption in Graphics while importing a file.
CVE-2022-33289
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.
CVE-2022-40515
Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.
CVE-2022-33245
Memory corruption in WLAN due to use after free
CVE-2022-33242
Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
CVE-2022-33213
Memory corruption in modem due to buffer overflow while processing a PPP packet
CVE-2022-33225
Memory corruption due to use after free in trusted application environment.