CVE ID | Publié | Description | Score | Gravité |
---|---|---|---|---|
QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory. | 7.8 |
Haute |
||
Memory corruption while processing GPU page table switch. | 7.8 |
Haute |
||
Memory corruption while processing voice packet with arbitrary data received from ADSP. | 7.8 |
Haute |
||
Memory corruption when two threads try to map and unmap a single node simultaneously. | 8.4 |
Haute |
||
Memory corruption when user provides data for FM HCI command control operations. | 7.8 |
Haute |
||
Transient DOS while handling PS event when Program Service name length offset value is set to 255. | 5.5 |
Moyen |
||
Memory corruption when Alternative Frequency offset value is set to 255. | 7.8 |
Haute |
||
Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus. | 6.2 |
Moyen |
||
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. | 7.5 |
Haute |
||
Memory corruption while performing finish HMAC operation when context is freed by keymaster. | 8.4 |
Haute |
||
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. | 9.1 |
Critique |
||
Memory corruption when there is failed unmap operation in GPU. | 8.4 |
Haute |
||
Memory corruption while processing finish_sign command to pass a rsp buffer. | 8.4 |
Haute |
||
Memory corruption in SPS Application while requesting for public key in sorter TA. | 8.4 |
Haute |
||
Memory corruption in Audio while processing RT proxy port register driver. | 8.4 |
Haute |
||
Memory corruption in Core Services while executing the command for removing a single event listener. | 9.3 |
Critique |
||
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. | 7.8 |
Haute |
||
Memory corruption in Audio when memory map command is executed consecutively in ADSP. | 7.8 |
Haute |
||
Memory corruption in Audio during playback with speaker protection. | 8.4 |
Haute |
||
Memory corruption in HLOS while running playready use-case. | 9.3 |
Critique |
||
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | 8.4 |
Haute |
||
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. | 7.5 |
Haute |
||
Memory corruption in DSP Services during a remote call from HLOS to DSP. | 7.8 |
Haute |
||
Memory corruption while using the UIM diag command to get the operators name. | 7.8 |
Haute |
||
Transient DOS in Bluetooth Host while rfc slot allocation. | 7.5 |
Haute |
||
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. | 7.8 |
Haute |
||
Memory corruption in MPP performance while accessing DSM watermark using external memory address. | 7.8 |
Haute |
||
Memory Corruption in SPS Application while exporting public key in sorter TA. | 7.8 |
Haute |
||
Memory corruption in Audio while processing the VOC packet data from ADSP. | 7.8 |
Haute |
||
Memory Corruption in Multi-mode Call Processor while processing bit mask API. | 9.8 |
Critique |
||
Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application. | 7.8 |
Haute |
||
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. | 8.2 |
Haute |
||
Memory Corruption in Data Modem while making a MO call or MT VOLTE call. | 9.8 |
Critique |
||
Memory corruption in Graphics while processing user packets for command submission. | 8.4 |
Haute |
||
Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE. | 7.5 |
Haute |
||
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE. | 7.5 |
Haute |
||
Memory corruption while allocating memory in COmxApeDec module in Audio. | 8.4 |
Haute |
||
Memory Corruption in Audio while playing amrwbplus clips with modified content. | 8.4 |
Haute |
||
Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key. | 7.1 |
Haute |
||
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder. | 9.8 |
Critique |
||
Memory Corruption in Audio while allocating the ion buffer during the music playback. | 8.4 |
Haute |
||
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. | 7.8 |
Haute |
||
Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. | 6.8 |
Moyen |
||
Transient DOS due to improper authorization in Modem | 7.5 |
Haute |
||
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message. | 7.9 |
Haute |
||
information disclosure due to cryptographic issue in Core during RPMB read request. | 7.1 |
Haute |
||
Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network. | 7.5 |
Haute |
||
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. | 8.4 |
Haute |
||
Memory corruption in Graphics while importing a file. | 8.4 |
Haute |
||
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target. | 8.4 |
Haute |
||
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming. | 8.2 |
Haute |
||
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length. | 7.8 |
Haute |
||
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card. | 6.8 |
Moyen |
||
Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response. | 9.8 |
Critique |
||
Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms. | 9.8 |
Critique |
||
Memory corruption in modem due to buffer overflow while processing a PPP packet | 8.8 |
Haute |
||
Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response | 7.8 |
Haute |
||
Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM | 8.4 |
Haute |
||
Information Disclosure in Graphics during GPU context switch. | 6.2 |
Moyen |
||
Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet. | 8.8 |
Haute |
||
Memory corruption due to configuration weakness in modem wile sending command to write protected files. | 7.8 |
Haute |
||
Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data. | 7.5 |
Haute |
||
Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed. | 7.5 |
Haute |
||
Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content. | 7.8 |
Haute |
||
Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device. | 8.2 |
Haute |
||
Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote | 9.8 |
Critique |
||
Denial of service while processing fastboot flash command on mmc due to buffer over read | 4.6 |
Moyen |
||
Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 8.4 |
Haute |
||
Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 8.4 |
Haute |
||
Information disclosure in video due to buffer over-read while parsing avi files in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 6.8 |
Moyen |
||
Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 7.5 |
Haute |
||
Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 8.4 |
Haute |
||
Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 8.4 |
Haute |