CVE ID | Published | Description | Score | Severity |
---|---|---|---|---|
Memory corruption while handling user packets during VBO bind operation. | 8.4 |
HIGH |
||
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released. | 8.4 |
HIGH |
||
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size. | 8.4 |
HIGH |
||
Memory corruption when allocating and accessing an entry in an SMEM partition. | 7.8 |
HIGH |
||
Memory corruption when an invoke call and a TEE call are bound for the same trusted application. | 7.8 |
HIGH |
||
Information disclosure while parsing sub-IE length during new IE generation. | 7.5 |
HIGH |
||
Memory corruption while processing key blob passed by the user. | 7.8 |
HIGH |
||
Transient DOS while loading the TA ELF file. | 7.1 |
HIGH |
||
Memory corruption while performing finish HMAC operation when context is freed by keymaster. | 8.4 |
HIGH |
||
Information disclosure while handling SA query action frame. | 7.5 |
HIGH |
||
INformation disclosure while handling Multi-link IE in beacon frame. | 7.5 |
HIGH |
||
Information Disclosure while parsing beacon frame in STA. | 9.1 |
CRITICAL |
||
Transient DOS while parse fils IE with length equal to 1. | 7.5 |
HIGH |
||
Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point. | 9.8 |
CRITICAL |
||
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame. | 7.5 |
HIGH |
||
Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. | 7.5 |
HIGH |
||
Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE. | 9.8 |
CRITICAL |
||
Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size. | 9.8 |
CRITICAL |
||
Memory corruption in video while parsing invalid mp2 clip. | 9.8 |
CRITICAL |
||
Memory corruption in Automotive Multimedia due to improper access control in HAB. | 8.4 |
HIGH |
||
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. | 7.8 |
HIGH |
||
Memory corruption in HLOS while converting from authorization token to HIDL vector. | 7.8 |
HIGH |
||
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled. | 7.8 |
HIGH |
||
Memory corruption in Core while processing control functions. | 9.3 |
CRITICAL |
||
Memory corruption in Audio while processing the calibration data returned from ACDB loader. | 7.8 |
HIGH |
||
Memory corruption in Audio while processing IIR config data from AFE calibration block. | 7.8 |
HIGH |
||
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points. | 7.8 |
HIGH |
||
Information disclosure in Audio while accessing AVCS services from ADSP payload. | 7.1 |
HIGH |
||
Transient DOS in Audio when invoking callback function of ASM driver. | 5.5 |
MEDIUM |
||
Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation. | 7.8 |
HIGH |
||
Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. | 7.1 |
HIGH |
||
Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call. | 7.1 |
HIGH |
||
Memory corruption in HLOS while running playready use-case. | 9.3 |
CRITICAL |
||
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | 8.4 |
HIGH |
||
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. | 8.4 |
HIGH |
||
Transient DOS while parsing WPA IES, when it is passed with length more than expected size. | 7.5 |
HIGH |
||
Transient DOS when processing a NULL buffer while parsing WLAN vdev. | 7.5 |
HIGH |
||
Memory corruption when processing cmd parameters while parsing vdev. | 8.4 |
HIGH |
||
Memory corruption in Core while processing RX intent request. | 7.8 |
HIGH |
||
Memory corruption in Audio while running invalid audio recording from ADSP. | 7.8 |
HIGH |
||
Transient DOS in Automotive OS due to improper authentication to the secure IO calls. | 7.1 |
HIGH |
||
Memory corruption in DSP Services during a remote call from HLOS to DSP. | 7.8 |
HIGH |
||
Memory corruption in Kernel while parsing metadata. | 8.4 |
HIGH |
||
Memory corruption in HLOS while invoking IOCTL calls from user-space. | 8.4 |
HIGH |
||
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. | 7.8 |
HIGH |
||
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. | 7.8 |
HIGH |
||
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. | 6.5 |
MEDIUM |
||
Memory corruption while loading an ELF segment in TEE Kernel. | 8.8 |
HIGH |
||
Memory corruption in MPP performance while accessing DSM watermark using external memory address. | 7.8 |
HIGH |
||
Memory Corruption in SPS Application while exporting public key in sorter TA. | 7.8 |
HIGH |
||
Memory Corruption in Audio while invoking IOCTLs calls from the user-space. | 7.8 |
HIGH |
||
Memory corruption in core services when Diag handler receives a command to configure event listeners. | 9 |
CRITICAL |
||
Cryptographic issue in HLOS during key management. | 7.8 |
HIGH |
||
Memory corruption in TZ Secure OS while loading an app ELF. | 8.2 |
HIGH |
||
Memory Corruption in Core due to secure memory access by user while loading modem image. | 8.4 |
HIGH |
||
Memory corruption in Automotive Display while destroying the image handle created using connected display driver. | 8.4 |
HIGH |
||
Memory Corruption in HLOS while registering for key provisioning notify. | 8.4 |
HIGH |
||
Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application. | 7.8 |
HIGH |
||
Weak configuration in Automotive while VM is processing a listener request from TEE. | 8.2 |
HIGH |
||
Improper Access to the VM resource manager can lead to Memory Corruption. | 8.7 |
HIGH |
||
Memory Corruption in Core Platform while printing the response buffer in log. | 7.8 |
HIGH |
||
Memory corruption in Core Platform while printing the response buffer in log. | 7.8 |
HIGH |
||
Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use. | 7.7 |
HIGH |
||
Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE. | 9.3 |
CRITICAL |
||
Memory corruption due to untrusted pointer dereference in automotive during system call. | 9.1 |
CRITICAL |
||
Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key. | 7.1 |
HIGH |
||
Memory corruption in Automotive GPU while querying a gsl memory node. | 8.4 |
HIGH |
||
Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request. | 6.2 |
MEDIUM |
||
Memory corruption due to improper access control in kernel while processing a mapping request from root process. | 7.8 |
HIGH |
||
Information disclosure in Kernel due to indirect branch misprediction. | 7.1 |
HIGH |
||
Memory corruption due to double free in Core while mapping HLOS address to the list. | 8.4 |
HIGH |
||
Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed. | 8.4 |
HIGH |
||
information disclosure due to cryptographic issue in Core during RPMB read request. | 7.1 |
HIGH |
||
Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation. | 7.3 |
HIGH |
||
Memory corruption in HAB Memory management due to broad system privileges via physical address. | 8.4 |
HIGH |
||
Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key. | 7.8 |
HIGH |
||
Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information. | 9.3 |
CRITICAL |
||
Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video playback. | 8.4 |
HIGH |
||
Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment. | 9.3 |
CRITICAL |
||
Memory corruption due to double free in core while initializing the encryption key. | 9.3 |
CRITICAL |
||
Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity. | 7.8 |
HIGH |
||
Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone. | 9.3 |
CRITICAL |
||
Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD. | 7.8 |
HIGH |
||
Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory. | 9.3 |
CRITICAL |
||
Transient Denial-of-service in Automotive due to improper input validation while parsing ELF file. | 6 |
MEDIUM |
||
Memory corruption due to stack-based buffer overflow in Core | 8.4 |
HIGH |
||
Information disclosure due to buffer overread in Core | 6.8 |
MEDIUM |
||
Information disclosure due to buffer overread in Core | 6.8 |
MEDIUM |
||
Memory corruption in core due to stack-based buffer overflow | 8.4 |
HIGH |
||
Memory corruption in Core due to stack-based buffer overflow. | 8.4 |
HIGH |
||
Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer. | 9.3 |
CRITICAL |
||
Memory corruption in Automotive due to improper input validation. | 8.2 |
HIGH |
||
Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping. | 8.1 |
HIGH |
||
Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 8.4 |
HIGH |
||
Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very large type value. in Snapdragon Auto | 8.4 |
HIGH |
||
Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 |
HIGH |
||
Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 8.4 |
HIGH |
||
Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile | 7.1 |
HIGH |
||
Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto | 8.4 |
HIGH |
||
Memory corruption in multimedia due to improper check on the messages received. in Snapdragon Auto | 8.4 |
HIGH |
||
Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming HAB message in Snapdragon Auto | 6.2 |
MEDIUM |
||
Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto | 8.4 |
HIGH |
||
Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto | 8.4 |
HIGH |
||
A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 6.2 |
MEDIUM |
||
Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 8.4 |
HIGH |
||
Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 9.3 |
CRITICAL |
||
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.3 |
HIGH |
||
Improper verification of timeout-based authentication in identity credential can lead to invalid authorization in HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 |
HIGH |
||
Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 9.3 |
CRITICAL |
||
Memory corruption in multimedia driver due to double free while processing data from user in Snapdragon Auto | 7.8 |
HIGH |
||
Improper buffer initialization on the backend driver can lead to buffer overflow in Snapdragon Auto | 8.4 |
HIGH |
||
Improper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile | 7.1 |
HIGH |
||
Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile | 8.4 |
HIGH |
||
Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 7.8 |
HIGH |
||
Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 7.8 |
HIGH |
||
Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 7.8 |
HIGH |