CVE ID | Publié | Description | Score | Gravité |
---|---|---|---|---|
While processing the authentication message in UE, improper authentication may lead to information disclosure. | 5.4 |
Moyen |
||
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem. | 7.5 |
Haute |
||
Information disclosure in Video while parsing mp2 clip with invalid section length. | 8.2 |
Haute |
||
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. | 9.1 |
Critique |
||
Memory corruption when the payload received from firmware is not as per the expected protocol size. | 7.8 |
Haute |
||
Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. | 6.1 |
Moyen |
||
Information disclosure while parsing dts header atom in Video. | 6.8 |
Moyen |
||
Memory corruption when multiple listeners are being registered with the same file descriptor. | 7.8 |
Haute |
||
Memory corruption when there is failed unmap operation in GPU. | 8.4 |
Haute |
||
Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. | 5.5 |
Moyen |
||
Memory corruption while processing finish_sign command to pass a rsp buffer. | 8.4 |
Haute |
||
Memory corruption in SPS Application while requesting for public key in sorter TA. | 8.4 |
Haute |
||
Memory corruption while parsing qcp clip with invalid chunk data size. | 9.8 |
Critique |
||
Memory corruption in Audio while processing RT proxy port register driver. | 8.4 |
Haute |
||
Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE. | 7.5 |
Haute |
||
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE. | 7.5 |
Haute |
||
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it. | 7.8 |
Haute |
||
Memory Corruption in Audio while allocating the ion buffer during the music playback. | 8.4 |
Haute |
||
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. | 7.8 |
Haute |
||
Memory corruption in Linux while calling system configuration APIs. | 7.8 |
Haute |
||
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony. | 7.8 |
Haute |
||
Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request. | 7.8 |
Haute |
||
Information disclosure in DSP Services while loading dynamic module. | 6.2 |
Moyen |