Total
39 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0467 | 2025-04-21 | N/A | 8.2 HIGH | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-45557 | 2025-04-07 | N/A | 7.8 HIGH | ||
| Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation. | |||||
| CVE-2024-6603 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.4 HIGH |
| In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||||
| CVE-2024-1013 | 1 Unixodbc | 1 Unixodbc | 2025-03-26 | N/A | 7.8 HIGH |
| An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken. | |||||
| CVE-2024-12577 | 2025-03-18 | N/A | 7.3 HIGH | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-47900 | 2025-03-14 | N/A | 7.8 HIGH | ||
| Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory. | |||||
| CVE-2024-47896 | 2025-03-05 | N/A | 3.3 LOW | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-43060 | 2025-03-03 | N/A | 7.8 HIGH | ||
| Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP. | |||||
| CVE-2024-52939 | 2025-02-24 | N/A | 7.8 HIGH | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-49840 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-02-05 | N/A | 7.8 HIGH |
| Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality. | |||||
| CVE-2024-45573 | 1 Qualcomm | 48 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 45 more | 2025-02-05 | N/A | 7.8 HIGH |
| Memory corruption may occour while generating test pattern due to negative indexing of display ID. | |||||
| CVE-2024-52936 | 2025-01-31 | N/A | 4.4 MEDIUM | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2023-33106 | 1 Qualcomm | 306 Ar8035, Ar8035 Firmware, Csra6620 and 303 more | 2025-01-27 | N/A | 8.4 HIGH |
| Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. | |||||
| CVE-2024-21475 | 1 Qualcomm | 472 215 Mobile, 215 Mobile Firmware, 315 5g Iot Modem and 469 more | 2025-01-15 | N/A | 7.8 HIGH |
| Memory corruption when the payload received from firmware is not as per the expected protocol size. | |||||
| CVE-2024-52935 | 2025-01-13 | N/A | 4.1 MEDIUM | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-47895 | 2025-01-13 | N/A | 7.1 HIGH | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-47894 | 2025-01-13 | N/A | 7.1 HIGH | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-52937 | 2025-01-13 | N/A | 6.7 MEDIUM | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-52938 | 2025-01-13 | N/A | 7.8 HIGH | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to subvert reconstruction activities to trigger a write of data outside the Guest's virtualised GPU memory. | |||||
| CVE-2023-33066 | 1 Qualcomm | 626 205 Mobile, 205 Mobile Firmware, 215 Mobile and 623 more | 2025-01-10 | N/A | 8.4 HIGH |
| Memory corruption in Audio while processing RT proxy port register driver. | |||||