7.5
CVE-2025-27029 - Buffer Over-read in WLAN HAL
Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.
7.8
CVE-2025-21486 - Untrusted Pointer Dereference in DSP Service
Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
7.8
CVE-2025-21485 - Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service
Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.
8.6
CVE-2025-21480 - Incorrect Authorization in Graphics Windows
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
7.5
CVE-2025-21463 - Buffer Over-read in WLAN Host Communication
Transient DOS while processing the EHT operation IE in the received beacon frame.
8.2
CVE-2024-53026 - Buffer Over-read in Data Network Stack & Connectivity
Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
8.2
CVE-2024-53021 - Buffer Over-read in Data Network Stack & Connectivity
Information disclosure may occur while processing goodbye RTCP packet from network.
8.2
CVE-2024-53020 - Buffer Over-read in Data Network Stack & Connectivity
Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
8.2
CVE-2024-53019 - Buffer Over-read in Data Network Stack & Connectivity
Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.
6.6
CVE-2024-53018 - Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver
Memory corruption may occur while processing the OIS packet parser.