CVE-2025-27067
Memory corruption while processing DDI call with invalid buffer.
CVE-2025-27066
Transient DOS while processing an ANQP message.
CVE-2025-27065
Transient DOS while processing a frame with malformed shared-key descriptor.
CVE-2025-27062
Memory corruption while handling client exceptions, allowing unauthorized channel access.
CVE-2025-21477
Transient DOS while processing CCCH data when NW sends data with invalid length.
CVE-2025-21474
Memory corruption while processing commands from A2dp sink command queue.
CVE-2025-21473
Memory corruption when using Virtual cdm (Camera Data Mover) to write registers.
CVE-2025-21472
Information disclosure while capturing logs as eSE debug messages are logged.
CVE-2025-21465
Information disclosure while processing the hash segment in an MBN file.
CVE-2025-21464
Information disclosure while reading data from an image using specified offset and size parameters.
CVE-2025-21461
Memory corruption when programming registers through virtual CDM.
CVE-2025-21458
Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.
CVE-2025-21457
Information disclosure while opening a fastrpc session when domain is not sanitized.
CVE-2025-21456
Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.
CVE-2025-21455
Memory corruption while submitting blob data to kernel space though IOCTL.
CVE-2025-21452
Transient DOS while processing a random-access response (RAR) with an invalid PDU length on LTE network.
CVE-2025-27061
Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
CVE-2025-27058
Memory corruption while processing packet data with exceedingly large packet.
CVE-2025-27057
Transient DOS while handling beacon frames with invalid IE header length.
CVE-2025-27056
Memory corruption during sub-system restart while processing clean-up to free up resources.