Known Vulnerabilities
CVE-2024-43053
Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information.
CVE-2024-43052
Memory corruption while processing API calls to NPU with invalid input.
CVE-2024-43050
Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.
CVE-2024-43049
Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.
CVE-2024-43048
Memory corruption when invalid input is passed to invoke GPU Headroom API call.
CVE-2024-33063
Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.
CVE-2024-33053
Memory corruption when multiple threads try to unregister the CVP buffer at the same time.
CVE-2024-33044
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
CVE-2024-33040
Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.
CVE-2024-33037
Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.
CVE-2024-33036
Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.
CVE-2021-30299
Possible out of bound access in audio module due to lack of validation of user provided input.
CVE-2024-38424
Memory corruption during GNSS HAL process initialization.
CVE-2024-38423
Memory corruption while processing GPU page table switch.
CVE-2024-38422
Memory corruption while processing voice packet with arbitrary data received from ADSP.
CVE-2024-38415
Memory corruption while handling session errors from firmware.
CVE-2024-38410
Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.
CVE-2024-38409
Memory corruption while station LL statistic handling.
CVE-2024-38407
Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.
CVE-2024-38406
Memory corruption while handling IOCTL calls in JPEG Encoder driver.
CVE-2024-38403
Transient DOS while parsing BTM ML IE when per STA profile is not included.
CVE-2024-33068
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
CVE-2024-33032
Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.
CVE-2024-33031
Memory corruption while processing the update SIM PB records request.
CVE-2024-23386
memory corruption when WiFi display APIs are invoked with large random inputs.
CVE-2024-23385
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.
CVE-2024-23375
Memory corruption during the network scan request.
CVE-2024-38401
Memory corruption while processing concurrent IOCTL calls.
CVE-2024-33060
Memory corruption when two threads try to map and unmap a single node simultaneously.
CVE-2024-33054
Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.
CVE-2024-33052
Memory corruption when user provides data for FM HCI command control operations.
CVE-2024-33051
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
CVE-2024-33048
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
CVE-2024-33047
Memory corruption when the captureRead QDCM command is invoked from user-space.
CVE-2024-33042
Memory corruption when Alternative Frequency offset value is set to 255.
CVE-2024-33016
memory corruption when an invalid firehose patch command is invoked.
CVE-2024-23364
Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).
CVE-2024-23359
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
CVE-2024-23358
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.
CVE-2024-33027
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
CVE-2024-23353
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
CVE-2024-21479
Transient DOS during music playback of ALAC content.
CVE-2024-23373
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
CVE-2024-23368
Memory corruption when allocating and accessing an entry in an SMEM partition.
CVE-2024-21461
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
CVE-2023-43527
Information disclosure while parsing dts header atom in Video.
CVE-2023-43521
Memory corruption when multiple listeners are being registered with the same file descriptor.
CVE-2024-21468
Memory corruption when there is failed unmap operation in GPU.
CVE-2023-33023
Memory corruption while processing finish_sign command to pass a rsp buffer.
CVE-2023-28547
Memory corruption in SPS Application while requesting for public key in sorter TA.
CVE-2023-43548
Memory corruption while parsing qcp clip with invalid chunk data size.
CVE-2023-28578
Memory corruption in Core Services while executing the command for removing a single event listener.
CVE-2023-43519
Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.
CVE-2023-43518
Memory corruption in video while parsing invalid mp2 clip.
CVE-2023-33067
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
CVE-2023-33065
Information disclosure in Audio while accessing AVCS services from ADSP payload.
CVE-2023-33107
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
CVE-2023-33106
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
CVE-2023-33063
Memory corruption in DSP Services during a remote call from HLOS to DSP.
CVE-2023-21655
Memory corruption in Audio while validating and mapping metadata.
CVE-2023-21644
Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request.
CVE-2023-28577
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.
CVE-2023-21649
Memory corruption in WLAN while running doDriverCmd for an unspecific command.
CVE-2022-40510
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
CVE-2023-28541
Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.
CVE-2023-22386
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
CVE-2023-21633
Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.
CVE-2023-21629
Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.
CVE-2023-21669
Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address.
CVE-2023-21657
Memoru corruption in Audio when ADSP sends input during record use case.
CVE-2022-33267
Memory corruption in Linux while sending DRM request.
CVE-2022-33264
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
CVE-2022-33227
Memory corruption in Linux android due to double free while calling unregister provider after register call.
CVE-2023-21665
Memory corruption in Graphics while importing a file.
CVE-2022-33298
Memory corruption due to use after free in Modem while modem initialization.
CVE-2022-33289
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.
CVE-2022-40515
Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.
CVE-2022-33245
Memory corruption in WLAN due to use after free
CVE-2022-33242
Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
CVE-2022-33213
Memory corruption in modem due to buffer overflow while processing a PPP packet
CVE-2022-40512
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
CVE-2022-33225
Memory corruption due to use after free in trusted application environment.