Version 0

CVE-2024-33063

Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.

HIGH CVSS 7.5 Published Dec 02, 2024

CVE-2024-33056

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

HIGH CVSS 8.4 Published Dec 02, 2024

CVE-2024-33044

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

HIGH CVSS 8.4 Published Dec 02, 2024

CVE-2024-33039

Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service.

MEDIUM CVSS 6.7 Published Dec 02, 2024

CVE-2024-38424

Memory corruption during GNSS HAL process initialization.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38422

Memory corruption while processing voice packet with arbitrary data received from ADSP.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38421

Memory corruption while processing GPU commands.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38419

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38408

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

HIGH CVSS 8.2 Published Nov 04, 2024

CVE-2024-38405

Transient DOS while processing the CU information from RNR IE.

HIGH CVSS 7.5 Published Nov 04, 2024

CVE-2024-33068

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

HIGH CVSS 7.5 Published Nov 04, 2024

CVE-2024-38399

Memory corruption while processing user packets to generate page faults.

HIGH CVSS 8.4 Published Oct 07, 2024

CVE-2024-38397

Transient DOS while parsing probe response and assoc response frame.

HIGH CVSS 7.5 Published Oct 07, 2024

CVE-2024-33073

Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

HIGH CVSS 8.2 Published Oct 07, 2024

CVE-2024-23379

Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario.

MEDIUM CVSS 6.7 Published Oct 07, 2024

CVE-2024-23378

Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record.

MEDIUM CVSS 6.7 Published Oct 07, 2024

CVE-2024-23369

Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.

HIGH CVSS 7.8 Published Oct 07, 2024

CVE-2024-38402

Memory corruption while processing IOCTL call for getting group info.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously.

HIGH CVSS 8.4 Published Sep 02, 2024

CVE-2024-33057

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33051

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33050

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33048

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33045

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

HIGH CVSS 8.4 Published Sep 02, 2024

CVE-2024-33035

Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.

HIGH CVSS 8.4 Published Sep 02, 2024

CVE-2024-33016

memory corruption when an invalid firehose patch command is invoked.

MEDIUM CVSS 6.8 Published Sep 02, 2024

CVE-2024-23364

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-23362

Cryptographic issue while parsing RSA keys in COBR format.

HIGH CVSS 7.1 Published Sep 02, 2024

CVE-2024-33034

Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33028

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33026

Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33025

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33024

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33023

Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33022

Memory corruption while allocating memory in HGSL driver.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33021

Memory corruption while processing IOCTL call to set metainfo.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33020

Transient DOS while processing TID-to-link mapping IE elements.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33019

Transient DOS while parsing the received TID-to-link mapping action frame.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33018

Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33015

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33014

Transient DOS while parsing ESP IE from beacon/probe response frame.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33013

Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33012

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33011

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33010

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-23384

Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-23383

Memory corruption when kernel driver attempts to trigger hardware fences.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-23382

Memory corruption while processing graphics kernel driver request to create DMA fence.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-23381

Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-23356

Memory corruption during session sign renewal request calls in HLOS.

HIGH CVSS 7.8 Published Aug 05, 2024

CVE-2024-23355

Memory corruption when keymaster operation imports a shared key.

HIGH CVSS 7.8 Published Aug 05, 2024

CVE-2024-21481

Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-21479

Transient DOS during music playback of ALAC content.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-21467

Information disclosure while handling beacon probe frame during scan entry generation in client side.

MEDIUM CVSS 6.5 Published Aug 05, 2024

CVE-2024-21459

Information disclosure while handling beacon or probe response frame in STA.

MEDIUM CVSS 6.5 Published Aug 05, 2024

CVE-2024-23380

Memory corruption while handling user packets during VBO bind operation.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2024-23373

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2024-23372

Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2024-23368

Memory corruption when allocating and accessing an entry in an SMEM partition.

HIGH CVSS 7.8 Published Jul 01, 2024

CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

HIGH CVSS 7.3 Published Jul 01, 2024

CVE-2024-21466

Information disclosure while parsing sub-IE length during new IE generation.

MEDIUM CVSS 6.5 Published Jul 01, 2024

CVE-2024-21465

Memory corruption while processing key blob passed by the user.

HIGH CVSS 7.8 Published Jul 01, 2024

CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2024-21458

Information disclosure while handling SA query action frame.

MEDIUM CVSS 6.5 Published Jul 01, 2024

CVE-2024-21457

INformation disclosure while handling Multi-link IE in beacon frame.

MEDIUM CVSS 6.5 Published Jul 01, 2024

CVE-2024-21456

Information Disclosure while parsing beacon frame in STA.

MEDIUM CVSS 6.5 Published Jul 01, 2024

CVE-2023-43531

Memory corruption while verifying the serialized header when the key pairs are generated.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2023-43521

Memory corruption when multiple listeners are being registered with the same file descriptor.

MEDIUM CVSS 6.7 Published May 06, 2024

CVE-2024-21463

Memory corruption while processing Codec2 during v13k decoder pitch synthesis.

HIGH CVSS 7.3 Published Apr 01, 2024

CVE-2023-33115

Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.

HIGH CVSS 7.8 Published Apr 01, 2024

CVE-2023-33023

Memory corruption while processing finish_sign command to pass a rsp buffer.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-28547

Memory corruption in SPS Application while requesting for public key in sorter TA.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-43553

Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.

CRITICAL CVSS 9.8 Published Mar 04, 2024

CVE-2023-43552

Memory corruption while processing MBSSID beacon containing several subelement IE.

CRITICAL CVSS 9.8 Published Mar 04, 2024

CVE-2023-43550

Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.

HIGH CVSS 7.8 Published Mar 04, 2024

CVE-2023-43548

Memory corruption while parsing qcp clip with invalid chunk data size.

HIGH CVSS 7.3 Published Mar 04, 2024

CVE-2023-43547

Memory corruption while invoking IOCTLs calls in Automotive Multimedia.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-43546

Memory corruption while invoking HGSL IOCTL context create.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-28578

Memory corruption in Core Services while executing the command for removing a single event listener.

CRITICAL CVSS 9.3 Published Mar 04, 2024

CVE-2023-43522

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

HIGH CVSS 7.5 Published Feb 06, 2024

CVE-2023-43519

Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.

HIGH CVSS 7.3 Published Feb 06, 2024

CVE-2023-33067

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

MEDIUM CVSS 6.7 Published Feb 06, 2024

CVE-2023-33065

Information disclosure in Audio while accessing AVCS services from ADSP payload.

MEDIUM CVSS 6.1 Published Feb 06, 2024