CVE-2025-27059
Memory corruption while performing SCM call.
CVE-2025-27054
Memory corruption while processing a malformed license file during reboot.
CVE-2025-27053
Memory corruption during PlayReady APP usecase while processing TA commands.
CVE-2025-27049
Transient DOS while processing IOCTL call for image encoding.
CVE-2025-27048
Memory corruption while processing camera platform driver IOCTL calls.
CVE-2025-27045
Information disclosure while processing batch command execution in Video driver.
CVE-2025-27041
Transient DOS while processing video packets received from video firmware.
CVE-2025-27040
Information disclosure may occur while processing the hypervisor log.
CVE-2025-27039
Memory corruption may occur while processing IOCTL call for DMM/WARPNCC CONFIG request.
CVE-2025-47329
Memory corruption while handling invalid inputs in application info setup.
CVE-2025-47328
Transient DOS while processing power control requests with invalid antenna or stream values.
CVE-2025-47327
Memory corruption while encoding the image data.
CVE-2025-47326
Transient DOS while handling command data during power control processing.
CVE-2025-47318
Transient DOS while parsing the EPTM test control message to get the test pattern.
CVE-2025-47317
Memory corruption due to global buffer overflow when a test command uses an invalid payload type.
CVE-2025-47316
Memory corruption due to double free when multiple threads race to set the timestamp store.
CVE-2025-47315
Memory corruption while handling repeated memory unmap requests from guest VM.
CVE-2025-47314
Memory corruption while processing data sent by FE driver.
CVE-2025-27077
Memory corruption while processing message in guest VM.
CVE-2025-27037
Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers.