CVE ID | Published | Description | Score | Severity |
---|---|---|---|---|
Memory corruption while handling user packets during VBO bind operation. | 8.4 |
HIGH |
||
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released. | 8.4 |
HIGH |
||
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size. | 8.4 |
HIGH |
||
Memory corruption when allocating and accessing an entry in an SMEM partition. | 7.8 |
HIGH |
||
Memory corruption when an invoke call and a TEE call are bound for the same trusted application. | 7.8 |
HIGH |
||
Information disclosure while parsing sub-IE length during new IE generation. | 7.5 |
HIGH |
||
Memory corruption while processing key blob passed by the user. | 7.8 |
HIGH |
||
Transient DOS while loading the TA ELF file. | 7.1 |
HIGH |
||
Memory corruption while performing finish HMAC operation when context is freed by keymaster. | 8.4 |
HIGH |
||
Information disclosure while handling SA query action frame. | 7.5 |
HIGH |
||
INformation disclosure while handling Multi-link IE in beacon frame. | 7.5 |
HIGH |
||
Information Disclosure while parsing beacon frame in STA. | 9.1 |
CRITICAL |
||
Transient DOS while parse fils IE with length equal to 1. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame. | 7.5 |
HIGH |
||
Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. | 7.5 |
HIGH |
||
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. | 7.5 |
HIGH |
||
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware while parsing a BTM request. | 7.5 |
HIGH |
||
Transient DOS while parsing WPA IES, when it is passed with length more than expected size. | 7.5 |
HIGH |
||
Transient DOS when processing a NULL buffer while parsing WLAN vdev. | 7.5 |
HIGH |
||
Memory corruption when processing cmd parameters while parsing vdev. | 8.4 |
HIGH |
||
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. | 7.5 |
HIGH |
||
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. | 7.8 |
HIGH |
||
Memory corruption in MPP performance while accessing DSM watermark using external memory address. | 7.8 |
HIGH |
||
Transient DOS in WLAN Firmware while parsing no-inherit IES. | 7.5 |
HIGH |
||
Memory corruption in WLAN HOST while processing the WLAN scan descriptor list. | 8.8 |
HIGH |
||
Information Disclosure in WLAN Host when processing WMI event command. | 6.1 |
MEDIUM |
||
Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. | 9.8 |
CRITICAL |
||
Transient DOS in WLAN Firmware while parsing rsn ies. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware while parsing a NAN management frame. | 7.5 |
HIGH |
||
Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. | 6.1 |
MEDIUM |
||
Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. | 7.8 |
HIGH |
||
Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame. | 7.5 |
HIGH |
||
Memory corruption in WLAN HAL while parsing WMI command parameters. | 7.8 |
HIGH |
||
Memory corruption in WLAN HAL while handling command through WMI interfaces. | 7.8 |
HIGH |
||
Memory corruption in WLAN handler while processing PhyID in Tx status handler. | 7.8 |
HIGH |
||
Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. | 7.8 |
HIGH |
||
Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload. | 7.8 |
HIGH |
||
Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART. | 7.8 |
HIGH |
||
Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range. | 8.4 |
HIGH |
||
Memory Corruption in Data Modem while processing DMA buffer release event about CFR data. | 7.8 |
HIGH |
||
Transient DOS in WLAN Firmware while processing frames with missing header fields. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware while processing the received beacon or probe response frame. | 7.5 |
HIGH |
||
Memory corruption in WLAN HOST while receiving an WMI event from firmware. | 7.8 |
HIGH |
||
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target. | 8.4 |
HIGH |
||
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message. | 8.4 |
HIGH |
||
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase. | 8.4 |
HIGH |
||
Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame. | 9.8 |
CRITICAL |
||
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon. | 7.5 |
HIGH |
||
Transient DOS due to buffer over-read in WLAN Host while parsing frame information. | 7.5 |
HIGH |
||
Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs. | 7.5 |
HIGH |
||
Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command. | 8.4 |
HIGH |
||
Information disclosure due to buffer over-read in WLAN while parsing NMF frame. | 8.2 |
HIGH |