| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption when BTFM client sends new messages over Slimbus to ADSP. |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. |
| Memory corruption when two threads try to map and unmap a single node simultaneously. |
| Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. |
| Memory corruption in Core while processing control functions. |
| Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Information disclosure while deriving keys for a session for any Widevine use case. |
| Memory corruption while processing manipulated payload in video firmware. |
| While processing the authentication message in UE, improper authentication may lead to information disclosure. |
| Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call. |
| Memory corruption while processing escape code, when DisplayId is passed with large unsigned value. |
| Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. |
| Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses. |
| Transient DOS in Modem while triggering a camping on an 5G cell. |
| Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus. |
| Transient DOS may occur while processing malformed length field in SSID IEs. |
| Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. |
| Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer. |
