CVE ID | Publié | Description | Score | Gravité |
---|---|---|---|---|
Memory corruption occurs during an Escape call if an invalid Kernel Mode CPU event and sync object handle are passed with the DriverKnownEscape flag reset. | 7.8 |
Haute |
||
Memory corruption while doing Escape call when user provides valid kernel address in the place of valid user buffer address. | 7.8 |
Haute |
||
Information disclosure while deriving keys for a session for any Widevine use case. | 5.5 |
Moyen |
||
Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality. | 7.8 |
Haute |
||
Information disclosure while parsing the OCI IE with invalid length. | 8.2 |
Haute |
||
Memory corruption may occour while generating test pattern due to negative indexing of display ID. | 7.8 |
Haute |
||
Memory corruption while handling IOCTL call from user-space to set latency level. | 7.8 |
Haute |
||
Memory corruption while taking a snapshot with hardware encoder due to unvalidated userspace buffer. | 7.8 |
Haute |
||
Memory corruption while configuring a Hypervisor based input virtual device. | 8.8 |
Haute |
||
Memory corruption occurs when invoking any IOCTL-calling application that executes all MCDM driver IOCTL calls. | 7.8 |
Haute |
||
Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call. | 7.8 |
Haute |
||
Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality. | 7.8 |
Haute |
||
Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space. | 7.8 |
Haute |
||
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. | 7.8 |
Haute |
||
Memory corruption when IOCTL call is invoked from user-space to read board data. | 7.8 |
Haute |
||
Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information. | 7.8 |
Haute |
||
Memory corruption while processing API calls to NPU with invalid input. | 7.8 |
Haute |
||
Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver. | 7.8 |
Haute |
||
Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver. | 7.8 |
Haute |
||
Memory corruption when allocating and accessing an entry in an SMEM partition continuously. | 8.4 |
Haute |
||
Memory corruption while Configuring the SMR/S2CR register in Bypass mode. | 8.4 |
Haute |
||
Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice. | 7.8 |
Haute |
||
Memory corruption while station LL statistic handling. | 7.8 |
Haute |
||
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. | 9.1 |
Critique |
||
Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver. | 7.8 |
Haute |
||
Memory corruption while handling IOCTL calls in JPEG Encoder driver. | 7.8 |
Haute |
||
Transient DOS while parsing BTM ML IE when per STA profile is not included. | 7.5 |
Haute |
||
Memory corruption while taking snapshot when an offset variable is set by camera driver. | 8.4 |
Haute |
||
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. | 7.8 |
Haute |
||
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. | 7.5 |
Haute |
||
Memory corruption when the captureRead QDCM command is invoked from user-space. | 8.4 |
Haute |
||
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length. | 7.5 |
Haute |
||
Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus. | 6.2 |
Moyen |
||
Memory corruption during session sign renewal request calls in HLOS. | 7.8 |
Haute |
||
Memory corruption when keymaster operation imports a shared key. | 7.8 |
Haute |
||
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager. | 8.4 |
Haute |
||
Memory corruption when an invoke call and a TEE call are bound for the same trusted application. | 7.8 |
Haute |
||
Memory corruption while processing key blob passed by the user. | 7.8 |
Haute |
||
Transient DOS while loading the TA ELF file. | 7.1 |
Haute |
||
Memory corruption while performing finish HMAC operation when context is freed by keymaster. | 8.4 |
Haute |
||
Memory corruption while processing IOCTL handler in FastRPC. | 8.4 |
Haute |
||
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame. | 7.5 |
Haute |
||
Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers. | 8.4 |
Haute |
||
Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked. | 7.8 |
Haute |
||
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization. | 9.3 |
Critique |
||
Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame. | 7.5 |
Haute |
||
Memory corruption when the channel ID passed by user is not validated and further used. | 7.8 |
Haute |
||
Memory corruption when size of buffer from previous call is used without validation or re-initialization. | 8.4 |
Haute |
||
Memory corruption while verifying the serialized header when the key pairs are generated. | 8.4 |
Haute |
||
Memory corruption in HLOS while checking for the storage type. | 7.8 |
Haute |
||
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache. | 8.4 |
Haute |
||
Memory corruption while allocating memory for graphics. | 8.4 |
Haute |
||
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. | 7.8 |
Haute |
||
Memory corruption while processing finish_sign command to pass a rsp buffer. | 8.4 |
Haute |
||
Memory corruption in SPS Application while requesting for public key in sorter TA. | 8.4 |
Haute |
||
Memory corruption while processing TPC target power table in FTM TPC. | 8.4 |
Haute |
||
Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render. | 8.4 |
Haute |
||
Memory corruption while processing the IOCTL FM HCI WRITE request. | 8.4 |
Haute |
||
Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame. | 7.5 |
Haute |
||
Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number. | 7.5 |
Haute |
||
Information Disclosure while processing IOCTL request in FastRPC. | 5.5 |
Moyen |
||
Memory corruption in Core Services while executing the command for removing a single event listener. | 9.3 |
Critique |
||
Transient DOS while parse fils IE with length equal to 1. | 7.5 |
Haute |
||
Memory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event trigger. | 8.4 |
Haute |
||
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame. | 7.5 |
Haute |
||
Memory corruption while reading ACPI config through the user mode app. | 8.4 |
Haute |
||
Transient DOS while processing 11AZ RTT management action frame received through OTA. | 7.5 |
Haute |
||
Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. | 7.5 |
Haute |
||
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled. | 7.8 |
Haute |
||
Memory corruption in Core while processing control functions. | 9.3 |
Critique |
||
Transient DOS while parsing WPA IES, when it is passed with length more than expected size. | 7.5 |
Haute |
||
Transient DOS in WLAN Firmware while processing a FTMR frame. | 7.5 |
Haute |
||
Transient DOS when processing a NULL buffer while parsing WLAN vdev. | 7.5 |
Haute |
||
Memory corruption when processing cmd parameters while parsing vdev. | 8.4 |
Haute |
||
Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast. | 7.5 |
Haute |
||
Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids. | 7.5 |
Haute |
||
Memory corruption in HLOS while invoking IOCTL calls from user-space. | 8.4 |
Haute |
||
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. | 7.8 |
Haute |
||
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. | 7.8 |
Haute |
||
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. | 6.5 |
Moyen |
||
Memory corruption while loading an ELF segment in TEE Kernel. | 8.8 |
Haute |
||
Memory corruption in MPP performance while accessing DSM watermark using external memory address. | 7.8 |
Haute |
||
Memory Corruption in SPS Application while exporting public key in sorter TA. | 7.8 |
Haute |
||
Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame. | 7.5 |
Haute |
||
Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE. | 7.5 |
Haute |
||
Transient DOS in WLAN Firmware while parsing t2lm buffers. | 7.5 |
Haute |
||
Transient DOS in WLAN Firmware while parsing no-inherit IES. | 7.5 |
Haute |
||
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. | 9.8 |
Critique |
||
Memory corruption in core services when Diag handler receives a command to configure event listeners. | 9 |
Critique |
||
Cryptographic issue in HLOS during key management. | 7.8 |
Haute |
||
Memory corruption in TZ Secure OS while loading an app ELF. | 8.2 |
Haute |
||
Memory Corruption in Core due to secure memory access by user while loading modem image. | 8.4 |
Haute |