CVE ID | Published | Description | Score | Severity |
---|---|---|---|---|
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released. | 8.4 |
HIGH |
||
Transient DOS while loading the TA ELF file. | 7.1 |
HIGH |
||
Memory corruption while performing finish HMAC operation when context is freed by keymaster. | 8.4 |
HIGH |
||
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. | 7.8 |
HIGH |
||
Memory corruption in HLOS while converting from authorization token to HIDL vector. | 7.8 |
HIGH |
||
Memory corruption in Audio while processing the calibration data returned from ACDB loader. | 7.8 |
HIGH |
||
Memory corruption in Audio while processing IIR config data from AFE calibration block. | 7.8 |
HIGH |
||
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points. | 7.8 |
HIGH |
||
Information disclosure in Audio while accessing AVCS services from ADSP payload. | 7.1 |
HIGH |
||
Transient DOS in Audio when invoking callback function of ASM driver. | 5.5 |
MEDIUM |
||
Memory corruption in Audio when memory map command is executed consecutively in ADSP. | 7.8 |
HIGH |
||
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. | 8.4 |
HIGH |
||
Memory corruption in Audio during playback with speaker protection. | 8.4 |
HIGH |
||
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. | 9.3 |
CRITICAL |
||
Memory corruption in HLOS while running playready use-case. | 9.3 |
CRITICAL |
||
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | 8.4 |
HIGH |
||
Transient DOS in Automotive OS due to improper authentication to the secure IO calls. | 7.1 |
HIGH |
||
Memory corruption in DSP Services during a remote call from HLOS to DSP. | 7.8 |
HIGH |
||
Memory corruption while using the UIM diag command to get the operators name. | 7.8 |
HIGH |
||
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. | 7.8 |
HIGH |
||
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. | 6.5 |
MEDIUM |
||
Memory corruption while loading an ELF segment in TEE Kernel. | 8.8 |
HIGH |
||
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. | 7.8 |
HIGH |
||
Memory corruption in MPP performance while accessing DSM watermark using external memory address. | 7.8 |
HIGH |
||
Memory Corruption in SPS Application while exporting public key in sorter TA. | 7.8 |
HIGH |
||
Memory Corruption in camera while installing a fd for a particular DMA buffer. | 7.8 |
HIGH |
||
Memory corruption in Audio while processing the VOC packet data from ADSP. | 7.8 |
HIGH |
||
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer. | 7.8 |
HIGH |
||
Cryptographic issue in HLOS during key management. | 7.8 |
HIGH |
||
Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. | 6.1 |
MEDIUM |
||
Memory Corruption in Core due to secure memory access by user while loading modem image. | 8.4 |
HIGH |
||
Memory Corruption in Multi-mode Call Processor while processing bit mask API. | 9.8 |
CRITICAL |
||
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. | 8.2 |
HIGH |
||
Transient DOS in Modem while allocating DSM items. | 7.5 |
HIGH |
||
Memory Corruption in Data Modem while making a MO call or MT VOLTE call. | 9.8 |
CRITICAL |
||
Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE. | 7.5 |
HIGH |
||
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE. | 7.5 |
HIGH |
||
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it. | 7.8 |
HIGH |
||
Memory Corruption in WLAN HOST while fetching TX status information. | 7.8 |
HIGH |
||
Memory Corruption in Data Modem while processing DMA buffer release event about CFR data. | 7.8 |
HIGH |
||
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. | 7.8 |
HIGH |
||
Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. | 9.8 |
CRITICAL |
||
Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. | 6.8 |
MEDIUM |
||
Memory corruption due to improper access control in kernel while processing a mapping request from root process. | 7.8 |
HIGH |
||
Transient DOS due to improper authorization in Modem | 7.5 |
HIGH |
||
Memory corruption due to double free in Core while mapping HLOS address to the list. | 8.4 |
HIGH |
||
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message. | 7.9 |
HIGH |
||
information disclosure due to cryptographic issue in Core during RPMB read request. | 7.1 |
HIGH |
||
Memory corruption in Graphics while importing a file. | 8.4 |
HIGH |
||
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming. | 8.2 |
HIGH |
||
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length. | 7.8 |
HIGH |
||
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card. | 6.8 |
MEDIUM |
||
Memory corruption due to double free in core while initializing the encryption key. | 9.3 |
CRITICAL |