CVE-2024-38408 — CVSS 8.2 (high): Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
CVE-2026-24088 — CVSS 8.2 (high): Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2024-53011 — CVSS 7.9 (high): Information disclosure may occur due to improper permission and access controls to Video Analytics engine.
CVE-2023-33115 — CVSS 7.8 (high): Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
CVE-2024-45557 — CVSS 7.8 (high): Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation.
CVE-2024-45560 — CVSS 7.8 (high): Memory corruption while taking a snapshot with hardware encoder due to unvalidated userspace buffer.
CVE-2024-49840 — CVSS 7.8 (high): Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.
CVE-2024-49841 — CVSS 7.8 (high): Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
CVE-2024-49842 — CVSS 7.8 (high): Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.
CVE-2024-53033 — CVSS 7.8 (high): Memory corruption while doing Escape call when user provides valid kernel address in the place of valid user buffer address.
CVE-2024-53034 — CVSS 7.8 (high): Memory corruption occurs during an Escape call if an invalid Kernel Mode CPU event and sync object handle are passed with the…
CVE-2025-27031 — CVSS 7.8 (high): memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.
CVE-2025-27032 — CVSS 7.8 (high): memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
CVE-2025-47358 — CVSS 7.8 (high): Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.
CVE-2025-47405 — CVSS 7.8 (high): Memory corruption when processing camera sensor input/output control codes with invalid output buffers.
CVE-2025-47407 — CVSS 7.8 (high): Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.
CVE-2026-21373 — CVSS 7.8 (high): Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
CVE-2026-21374 — CVSS 7.8 (high): Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.
CVE-2026-21375 — CVSS 7.8 (high): Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
CVE-2026-21376 — CVSS 7.8 (high): Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
CVE-2026-21378 — CVSS 7.8 (high): Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
CVE-2026-25260 — CVSS 7.8 (high): Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.
CVE-2026-25271 — CVSS 7.8 (high): Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use.
CVE-2023-43542 — CVSS 7.8 (high): Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
CVE-2024-38410 — CVSS 7.8 (high): Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.
CVE-2024-43049 — CVSS 7.8 (high): Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.
CVE-2024-43050 — CVSS 7.8 (high): Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.
CVE-2024-45542 — CVSS 7.8 (high): Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
CVE-2024-45546 — CVSS 7.8 (high): Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.
CVE-2024-45547 — CVSS 7.8 (high): Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality.
CVE-2024-45548 — CVSS 7.8 (high): Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call.
CVE-2024-45550 — CVSS 7.8 (high): Memory corruption occurs when invoking any IOCTL-calling application that executes all MCDM driver IOCTL calls.
CVE-2026-21367 — CVSS 7.6 (high): Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
CVE-2026-21381 — CVSS 7.6 (high): Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network…
CVE-2023-43539 — CVSS 7.5 (high): Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.
CVE-2023-43533 — CVSS 7.5 (high): Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.
CVE-2023-33105 — CVSS 7.5 (high): Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence…
CVE-2024-23363 — CVSS 7.5 (high): Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
CVE-2024-23364 — CVSS 7.5 (high): Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon…
CVE-2024-33013 — CVSS 7.5 (high): Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
CVE-2025-21446 — CVSS 7.5 (high): Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.