| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Information disclosure while deriving keys for a session for any Widevine use case. |
| Memory corruption while processing manipulated payload in video firmware. |
| Memory corruption while processing concurrent IOCTL calls. |
| Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls. |
| While processing the authentication message in UE, improper authentication may lead to information disclosure. |
| Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call. |
| Memory corruption while processing escape code, when DisplayId is passed with large unsigned value. |
| Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. |
| Cryptographic issue while processing crypto API calls; missing checks may lead to corrupted key usage or IV reuse. |
| Memory corruption while retrieving the CBOR data from TA. |
| Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus. |
| Transient DOS may occur while processing malformed length field in SSID IEs. |
| Memory corruption while processing a data structure; potential failures occur when an iterator is accessed after it has been removed. |
| Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer. |
| Transient DOS in WLAN Firmware while parsing a NAN management frame. |
| Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. |
| Transient DOS during hypervisor virtual I/O operation in a virtual machine. |
| Memory corruption when IOCTL call is invoked from user-space to read board data. |
| Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. |