7.5
CVE-2024-38403 - Buffer Over-read in WLAN Firmware
Transient DOS while parsing BTM ML IE when per STA profile is not included.
7.5
CVE-2024-33068 - Use After Free in WLAN Host Communication
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
6.7
CVE-2024-33033 - Use After Free in ComputerVision
Memory corruption while processing IOCTL calls to unmap the buffers.
6.7
CVE-2024-33032 - Improper Validation of Array Index in Camera_Linux
Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.
6.7
CVE-2024-33031 - Improper Input Validation in RIL
Memory corruption while processing the update SIM PB records request.
6.7
CVE-2024-33030 - Buffer Copy without Checking Size of Input (`Classic Buffer Overflow`) in Performance
Memory corruption while parsing IPC frequency table parameters for LPLH that has size greater than expected size.
6.7
CVE-2024-33029 - Use After Free in DSP Services
Memory corruption while handling the PDR in driver for getting the remote heap maps.
6.7
CVE-2024-23386 - Improper Input Validation in Video
memory corruption when WiFi display APIs are invoked with large random inputs.
7.5
CVE-2024-23385 - Reachable Assertion in Modem
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.
6.7
CVE-2024-23377 - Use of Out-of-range Pointer Offset in ComputerVision
Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.