CVE ID | Publié | Description | Score | Gravité |
---|---|---|---|---|
Transient DOS may occur while processing the country IE. | 7.5 |
Haute |
||
Memory corruption in display driver while detaching a device. | 7.8 |
Haute |
||
Memory corruption may occur while validating ports and channels in Audio driver. | 7.8 |
Haute |
||
Information disclosure while deriving keys for a session for any Widevine use case. | 5.5 |
Moyen |
||
While processing the authentication message in UE, improper authentication may lead to information disclosure. | 5.4 |
Moyen |
||
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. | 7.5 |
Haute |
||
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. | 6.1 |
Moyen |
||
Memory corruption while maintaining memory maps of HLOS memory. | 7.8 |
Haute |
||
Memory corruption while processing IOCTL call for getting group info. | 7.8 |
Haute |
||
Memory corruption while processing concurrent IOCTL calls. | 7.8 |
Haute |
||
Memory corruption when two threads try to map and unmap a single node simultaneously. | 8.4 |
Haute |
||
Memory corruption when user provides data for FM HCI command control operations. | 7.8 |
Haute |
||
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. | 7.5 |
Haute |
||
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. | 7.5 |
Haute |
||
Memory corruption when BTFM client sends new messages over Slimbus to ADSP. | 8.4 |
Haute |
||
Memory corruption when Alternative Frequency offset value is set to 255. | 7.8 |
Haute |
||
Information disclosure in Video while parsing mp2 clip with invalid section length. | 8.2 |
Haute |
||
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. | 9.1 |
Critique |
||
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions. | 8.4 |
Haute |
||
Memory corruption when the payload received from firmware is not as per the expected protocol size. | 7.8 |
Haute |
||
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux. | 8.4 |
Haute |
||
Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. | 7.5 |
Haute |
||
Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. | 6.1 |
Moyen |
||
Information disclosure while parsing dts header atom in Video. | 6.8 |
Moyen |
||
Memory corruption when multiple listeners are being registered with the same file descriptor. | 7.8 |
Haute |
||
Memory corruption when there is failed unmap operation in GPU. | 8.4 |
Haute |
||
Transient DOS while decoding message of size that exceeds the available system memory. | 7.5 |
Haute |
||
Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. | 5.5 |
Moyen |
||
Memory corruption while processing finish_sign command to pass a rsp buffer. | 8.4 |
Haute |
||
Memory corruption in SPS Application while requesting for public key in sorter TA. | 8.4 |
Haute |
||
Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem. | 7.8 |
Haute |
||
Memory corruption while parsing qcp clip with invalid chunk data size. | 9.8 |
Critique |
||
Memory corruption while invoking IOCTLs calls in Automotive Multimedia. | 8.4 |
Haute |
||
Memory corruption while invoking HGSL IOCTL context create. | 8.4 |
Haute |
||
Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers. | 7.5 |
Haute |
||
Memory corruption in Audio while processing RT proxy port register driver. | 8.4 |
Haute |
||
Memory corruption in Core Services while executing the command for removing a single event listener. | 9.3 |
Critique |
||
Memory Corruption in WLAN HOST while fetching TX status information. | 7.8 |
Haute |
||
Memory Corruption in Data Modem while processing DMA buffer release event about CFR data. | 7.8 |
Haute |
||
Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message. | 7.8 |
Haute |
||
Memory Corruption in WLAN HOST while parsing QMI response message from firmware. | 7.8 |
Haute |
||
Memory Corruption in Audio while allocating the ion buffer during the music playback. | 8.4 |
Haute |
||
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. | 7.8 |
Haute |
||
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. | 7.8 |
Haute |
||
Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request. | 7.8 |
Haute |
||
Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. | 6.8 |
Moyen |