CVE ID | Publié | Description | Score | Gravité |
---|---|---|---|---|
Memory corruption while processing API calls to NPU with invalid input. | 7.8 |
Haute |
||
Memory corruption when allocating and accessing an entry in an SMEM partition continuously. | 8.4 |
Haute |
||
Memory corruption while Configuring the SMR/S2CR register in Bypass mode. | 8.4 |
Haute |
||
Transient DOS while parsing BTM ML IE when per STA profile is not included. | 7.5 |
Haute |
||
Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it. | 6.7 |
Moyen |
||
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE. | 7.5 |
Haute |
||
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. | 7.5 |
Haute |
||
Transient DOS during music playback of ALAC content. | 7.5 |
Haute |
||
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released. | 8.4 |
Haute |
||
Memory corruption while performing finish HMAC operation when context is freed by keymaster. | 8.4 |
Haute |
||
Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size. | 9.8 |
Critique |
||
Memory corruption in video while parsing invalid mp2 clip. | 9.8 |
Critique |
||
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. | 7.8 |
Haute |
||
Memory corruption in HLOS while converting from authorization token to HIDL vector. | 7.8 |
Haute |
||
Memory corruption in Audio while processing the calibration data returned from ACDB loader. | 7.8 |
Haute |
||
Memory corruption in Audio while processing IIR config data from AFE calibration block. | 7.8 |
Haute |
||
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points. | 7.8 |
Haute |
||
Information disclosure in Audio while accessing AVCS services from ADSP payload. | 7.1 |
Haute |
||
Transient DOS in Audio when invoking callback function of ASM driver. | 5.5 |
Moyen |
||
Memory corruption in Audio when memory map command is executed consecutively in ADSP. | 7.8 |
Haute |
||
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. | 8.4 |
Haute |
||
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption. | 7.8 |
Haute |
||
Memory corruption in Audio during playback with speaker protection. | 8.4 |
Haute |
||
Memory corruption in HLOS while running playready use-case. | 9.3 |
Critique |
||
Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address. | 7.8 |
Haute |
||
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | 8.4 |
Haute |
||
Transient DOS in Automotive OS due to improper authentication to the secure IO calls. | 7.1 |
Haute |
||
Memory corruption in DSP Services during a remote call from HLOS to DSP. | 7.8 |
Haute |
||
Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. | 9.1 |
Critique |
||
Memory corruption while sending SMS from AP firmware. | 7.8 |
Haute |
||
Memory corruption while using the UIM diag command to get the operators name. | 7.8 |
Haute |
||
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. | 7.8 |
Haute |
||
Memory corruption in MPP performance while accessing DSM watermark using external memory address. | 7.8 |
Haute |
||
Memory Corruption in Audio while invoking IOCTLs calls from the user-space. | 7.8 |
Haute |
||
Memory Corruption in camera while installing a fd for a particular DMA buffer. | 7.8 |
Haute |
||
Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM. | 7.8 |
Haute |
||
Memory corruption in Audio while processing the VOC packet data from ADSP. | 7.8 |
Haute |
||
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer. | 7.8 |
Haute |
||
Memory corruption while processing audio effects. | 7.8 |
Haute |
||
Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. | 6.1 |
Moyen |
||
Information Disclosure in data Modem while parsing an FMTP line in an SDP message. | 8.2 |
Haute |
||
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. | 8.2 |
Haute |
||
Memory Corruption in Data Modem while making a MO call or MT VOLTE call. | 9.8 |
Critique |
||
Memory corruption while allocating memory in COmxApeDec module in Audio. | 8.4 |
Haute |
||
Transient DOS due to improper authorization in Modem | 7.5 |
Haute |
||
Memory corruption in Linux while sending DRM request. | 7.8 |
Haute |
||
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message. | 7.9 |
Haute |
||
Memory corruption due to use after free in Core when multiple DCI clients register and deregister. | 7.8 |
Haute |
||
Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host | 7.8 |
Haute |
||
Memory corruption in Linux android due to double free while calling unregister provider after register call. | 7.8 |
Haute |
||
Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications. | 7.8 |
Haute |
||
Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries. | 7.8 |
Haute |
||
information disclosure due to cryptographic issue in Core during RPMB read request. | 7.1 |
Haute |
||
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. | 8.4 |
Haute |
||
Memory corruption in Graphics while importing a file. | 8.4 |
Haute |
||
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target. | 8.4 |
Haute |
||
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length. | 7.8 |
Haute |
||
Memory corruption due to use after free in Modem while modem initialization. | 7.8 |
Haute |
||
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card. | 6.8 |
Moyen |