Known Vulnerabilities
CVE-2024-43052
Memory corruption while processing API calls to NPU with invalid input.
CVE-2024-38423
Memory corruption while processing GPU page table switch.
CVE-2024-38422
Memory corruption while processing voice packet with arbitrary data received from ADSP.
CVE-2024-38415
Memory corruption while handling session errors from firmware.
CVE-2024-23385
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.
CVE-2024-33060
Memory corruption when two threads try to map and unmap a single node simultaneously.
CVE-2024-33052
Memory corruption when user provides data for FM HCI command control operations.
CVE-2024-33051
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
CVE-2024-33042
Memory corruption when Alternative Frequency offset value is set to 255.
CVE-2024-23359
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
CVE-2024-23358
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.
CVE-2024-23353
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
CVE-2024-23373
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
CVE-2024-23368
Memory corruption when allocating and accessing an entry in an SMEM partition.
CVE-2024-21461
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
CVE-2024-21468
Memory corruption when there is failed unmap operation in GPU.
CVE-2023-33023
Memory corruption while processing finish_sign command to pass a rsp buffer.
CVE-2023-28547
Memory corruption in SPS Application while requesting for public key in sorter TA.
CVE-2023-28578
Memory corruption in Core Services while executing the command for removing a single event listener.
CVE-2023-43518
Memory corruption in video while parsing invalid mp2 clip.
CVE-2023-33107
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
CVE-2023-33106
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
CVE-2023-33063
Memory corruption in DSP Services during a remote call from HLOS to DSP.
CVE-2022-40510
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
CVE-2023-22386
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
CVE-2023-21629
Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.
CVE-2023-21657
Memoru corruption in Audio when ADSP sends input during record use case.
CVE-2022-33264
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
CVE-2023-21665
Memory corruption in Graphics while importing a file.
CVE-2022-33289
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.
CVE-2022-40515
Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.
CVE-2022-33213
Memory corruption in modem due to buffer overflow while processing a PPP packet
CVE-2022-40512
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.