| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake. |
| Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame. |
| Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE. |
| Memory corruption due to double free in Core while mapping HLOS address to the list. |
| Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. |
| Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present. |
| Memory corruption when multiple threads try to unregister the CVP buffer at the same time. |
| Memory corruption while Configuring the SMR/S2CR register in Bypass mode. |
| Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware. |
| Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. |
| Memory corruption in WLAN Host while processing RRM beacon on the AP. |
| Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon. |
| Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length. |
| Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero. |
| Transient DOS while parsing fragments of MBSSID IE from beacon frame. |
| Memory corruption during session sign renewal request calls in HLOS. |
| Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA. |
| Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network. |
| Transient DOS during music playback of ALAC content. |
| Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. |
