CVE ID | Published | Description | Score | Severity |
---|---|---|---|---|
Memory corruption when allocating and accessing an entry in an SMEM partition. | 7.8 |
HIGH |
||
Transient DOS while loading the TA ELF file. | 7.1 |
HIGH |
||
Memory corruption while performing finish HMAC operation when context is freed by keymaster. | 8.4 |
HIGH |
||
Transient DOS while parse fils IE with length equal to 1. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame. | 7.5 |
HIGH |
||
Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. | 7.5 |
HIGH |
||
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. | 7.8 |
HIGH |
||
Memory corruption in Core while processing control functions. | 9.3 |
CRITICAL |
||
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. | 7.5 |
HIGH |
||
Memory corruption in Audio when memory map command is executed consecutively in ADSP. | 7.8 |
HIGH |
||
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption. | 7.8 |
HIGH |
||
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware while parsing a BTM request. | 7.5 |
HIGH |
||
Transient DOS in Data Modem during DTLS handshake. | 7.5 |
HIGH |
||
Memory corruption while receiving a message in Bus Socket Transport Server. | 7.8 |
HIGH |
||
Memory corruption in Audio during playback with speaker protection. | 8.4 |
HIGH |
||
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. | 9.3 |
CRITICAL |
||
Memory corruption in HLOS while running playready use-case. | 9.3 |
CRITICAL |
||
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | 8.4 |
HIGH |
||
Transient DOS while parsing WPA IES, when it is passed with length more than expected size. | 7.5 |
HIGH |
||
Transient DOS when processing a NULL buffer while parsing WLAN vdev. | 7.5 |
HIGH |
||
Memory corruption when processing cmd parameters while parsing vdev. | 8.4 |
HIGH |
||
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. | 7.5 |
HIGH |
||
Transient DOS in Automotive OS due to improper authentication to the secure IO calls. | 7.1 |
HIGH |
||
Memory corruption in DSP Services during a remote call from HLOS to DSP. | 7.8 |
HIGH |
||
Memory corruption while using the UIM diag command to get the operators name. | 7.8 |
HIGH |
||
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. | 7.8 |
HIGH |
||
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. | 7.8 |
HIGH |
||
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. | 6.5 |
MEDIUM |
||
Memory corruption while loading an ELF segment in TEE Kernel. | 8.8 |
HIGH |
||
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. | 7.8 |
HIGH |
||
Memory corruption in MPP performance while accessing DSM watermark using external memory address. | 7.8 |
HIGH |
||
Memory Corruption in SPS Application while exporting public key in sorter TA. | 7.8 |
HIGH |
||
Memory corruption in Audio while processing the VOC packet data from ADSP. | 7.8 |
HIGH |
||
Memory corruption in WLAN HOST while processing the WLAN scan descriptor list. | 8.8 |
HIGH |
||
Information disclosure in WLAN HAL while handling command through WMI interfaces. | 6.1 |
MEDIUM |
||
Information disclosure in WLAN HAL while handling the WMI state info command. | 6.1 |
MEDIUM |
||
Information disclosure in IOE Firmware while handling WMI command. | 6.1 |
MEDIUM |
||
Cryptographic issue in HLOS during key management. | 7.8 |
HIGH |
||
Information Disclosure in WLAN Host when processing WMI event command. | 6.1 |
MEDIUM |
||
Memory Corruption in Core due to secure memory access by user while loading modem image. | 8.4 |
HIGH |
||
Memory Corruption in Multi-mode Call Processor while processing bit mask API. | 9.8 |
CRITICAL |
||
Transient DOS in WLAN Firmware while parsing rsn ies. | 7.5 |
HIGH |
||
Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. | 6.1 |
MEDIUM |
||
Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. | 7.8 |
HIGH |
||
Information Disclosure in data Modem while parsing an FMTP line in an SDP message. | 8.2 |
HIGH |
||
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. | 8.2 |
HIGH |
||
Transient DOS in Modem while allocating DSM items. | 7.5 |
HIGH |
||
Memory Corruption in Data Modem while making a MO call or MT VOLTE call. | 9.8 |
CRITICAL |
||
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload. | 7.8 |
HIGH |
||
Memory corruption in WLAN handler while processing PhyID in Tx status handler. | 7.8 |
HIGH |
||
Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. | 7.8 |
HIGH |
||
Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload. | 7.8 |
HIGH |
||
Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART. | 7.8 |
HIGH |
||
Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range. | 8.4 |
HIGH |
||
Memory corruption while allocating memory in COmxApeDec module in Audio. | 8.4 |
HIGH |
||
Memory corruption in WLAN HOST while receiving an WMI event from firmware. | 7.8 |
HIGH |
||
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command. | 8.4 |
HIGH |
||
Memory corruption due to improper access control in kernel while processing a mapping request from root process. | 7.8 |
HIGH |
||
Transient DOS due to improper authorization in Modem | 7.5 |
HIGH |
||
Memory corruption due to double free in Core while mapping HLOS address to the list. | 8.4 |
HIGH |
||
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message. | 7.9 |
HIGH |
||
Memory corruption in Linux android due to double free while calling unregister provider after register call. | 7.8 |
HIGH |
||
information disclosure due to cryptographic issue in Core during RPMB read request. | 7.1 |
HIGH |
||
Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network. | 7.5 |
HIGH |
||
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. | 8.4 |
HIGH |
||
Memory corruption in Graphics while importing a file. | 8.4 |
HIGH |
||
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target. | 8.4 |
HIGH |
||
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length. | 7.8 |
HIGH |
||
Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message. | 7.8 |
HIGH |
||
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card. | 6.8 |
MEDIUM |
||
Memory corruption due to double free in core while initializing the encryption key. | 9.3 |
CRITICAL |