7.5
CVE-2024-33057 - Buffer Over-read in WLAN Host Communication
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
7.8
CVE-2024-33054 - Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Computer Vision
Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.
7.8
CVE-2024-33052 - Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in FM Host
Memory corruption when user provides data for FM HCI command control operations.
7.5
CVE-2024-33051 - Buffer Over-read in WLAN Firmware
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
7.5
CVE-2024-33050 - Buffer Over-read in WLAN Host Communication
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
7.5
CVE-2024-33048 - Buffer Over-read in WLAN Host
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
8.4
CVE-2024-33047 - Buffer Over-read in Display
Memory corruption when the captureRead QDCM command is invoked from user-space.
8.4
CVE-2024-33045 - Return of Stack Variable Address in Buses
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
5.5
CVE-2024-33043 - Buffer Over-read in FM Host
Transient DOS while handling PS event when Program Service name length offset value is set to 255.
7.8
CVE-2024-33042 - Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in FM Host
Memory corruption when Alternative Frequency offset value is set to 255.