CVE ID | Publié | Description | Score | Gravité |
---|---|---|---|---|
Transient DOS may occur while processing the country IE. | 7.5 |
Haute |
||
Memory corruption in display driver while detaching a device. | 7.8 |
Haute |
||
Memory corruption may occur while validating ports and channels in Audio driver. | 7.8 |
Haute |
||
Information disclosure while deriving keys for a session for any Widevine use case. | 5.5 |
Moyen |
||
Memory corruption during management frame processing due to mismatch in T2LM info element. | 9.8 |
Critique |
||
Information disclosure while parsing the OCI IE with invalid length. | 8.2 |
Haute |
||
Memory corruption while power-up or power-down sequence of the camera sensor. | 7.8 |
Haute |
||
Memory corruption can occur in the camera when an invalid CID is used. | 7.8 |
Haute |
||
Memory corruption while configuring a Hypervisor based input virtual device. | 8.8 |
Haute |
||
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. | 7.8 |
Haute |
||
Memory corruption while invoking IOCTL calls to unmap the DMA buffers. | 7.8 |
Haute |
||
Memory corruption while processing IOCTL call for getting group info. | 7.8 |
Haute |
||
Memory corruption when two threads try to map and unmap a single node simultaneously. | 8.4 |
Haute |
||
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. | 7.5 |
Haute |
||
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. | 7.5 |
Haute |
||
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. | 7.5 |
Haute |
||
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. | 7.5 |
Haute |
||
Memory corruption when BTFM client sends new messages over Slimbus to ADSP. | 8.4 |
Haute |
||
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA. | 7.8 |
Haute |
||
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame. | 7.5 |
Haute |
||
Memory corruption in Hypervisor when platform information mentioned is not aligned. | 9.3 |
Critique |
||
Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked. | 7.8 |
Haute |
||
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization. | 9.3 |
Critique |
||
Information disclosure while handling T2LM Action Frame in WLAN Host. | 7.5 |
Haute |
||
Memory corruption when the IOCTL call is interrupted by a signal. | 8.4 |
Haute |
||
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions. | 8.4 |
Haute |
||
Memory corruption while playing audio file having large-sized input buffer. | 9.8 |
Critique |
||
Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame. | 7.5 |
Haute |
||
Memory corruption when the payload received from firmware is not as per the expected protocol size. | 7.8 |
Haute |
||
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux. | 8.4 |
Haute |
||
Memory corruption while verifying the serialized header when the key pairs are generated. | 8.4 |
Haute |
||
Memory corruption in HLOS while checking for the storage type. | 7.8 |
Haute |
||
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache. | 8.4 |
Haute |
||
Memory corruption while processing Codec2 during v13k decoder pitch synthesis. | 9.8 |
Critique |
||
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. | 7.8 |
Haute |
||
Memory corruption while processing finish_sign command to pass a rsp buffer. | 8.4 |
Haute |
||
Memory corruption in SPS Application while requesting for public key in sorter TA. | 8.4 |
Haute |
||
Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE. | 9.8 |
Critique |
||
Memory corruption while processing MBSSID beacon containing several subelement IE. | 9.8 |
Critique |
||
Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem. | 7.8 |
Haute |
||
Memory corruption while processing TPC target power table in FTM TPC. | 8.4 |
Haute |
||
Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame. | 7.5 |
Haute |
||
Memory corruption in Core Services while executing the command for removing a single event listener. | 9.3 |
Critique |
||
Transient DOS in WLAN firmware while parsing MLO (multi-link operation). | 7.5 |
Haute |
||
Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame. | 7.5 |
Haute |
||
Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA). | 7.5 |
Haute |
||
Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE. | 9.8 |
Critique |
||
Memory corruption in WLAN HAL while parsing WMI command parameters. | 7.8 |
Haute |
||
Memory corruption in WLAN HAL while handling command through WMI interfaces. | 7.8 |
Haute |
||
Memory Corruption in WLAN HOST while fetching TX status information. | 7.8 |
Haute |
||
Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message. | 7.8 |
Haute |
||
Memory Corruption in WLAN HOST while parsing QMI response message from firmware. | 7.8 |
Haute |
||
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. | 7.8 |
Haute |
||
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. | 7.8 |
Haute |
||
Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions. | 8.4 |
Haute |