CVE ID | Publié | Description | Score | Gravité |
---|---|---|---|---|
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. | 7.8 |
Haute |
||
Memory corruption when IOCTL call is invoked from user-space to read board data. | 7.8 |
Haute |
||
Memory corruption when allocating and accessing an entry in an SMEM partition continuously. | 8.4 |
Haute |
||
Memory corruption while Configuring the SMR/S2CR register in Bypass mode. | 8.4 |
Haute |
||
Memory corruption while allocating memory for graphics. | 8.4 |
Haute |
||
Transient DOS while parse fils IE with length equal to 1. | 7.5 |
Haute |
||
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame. | 7.5 |
Haute |
||
Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. | 7.5 |
Haute |
||
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. | 7.5 |
Haute |
||
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption. | 7.8 |
Haute |
||
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. | 7.5 |
Haute |
||
Transient DOS in WLAN Firmware while parsing a BTM request. | 7.5 |
Haute |
||
Transient DOS in Data Modem during DTLS handshake. | 7.5 |
Haute |
||
Memory corruption while receiving a message in Bus Socket Transport Server. | 7.8 |
Haute |
||
Memory corruption in Audio during playback with speaker protection. | 8.4 |
Haute |
||
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. | 9.3 |
Critique |
||
Memory corruption in HLOS while running playready use-case. | 9.3 |
Critique |
||
Memory corruption when processing cmd parameters while parsing vdev. | 8.4 |
Haute |
||
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. | 7.8 |
Haute |
||
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. | 6.5 |
Moyen |
||
Memory corruption while loading an ELF segment in TEE Kernel. | 8.8 |
Haute |
||
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. | 7.8 |
Haute |
||
Memory corruption in MPP performance while accessing DSM watermark using external memory address. | 7.8 |
Haute |
||
Memory Corruption in SPS Application while exporting public key in sorter TA. | 7.8 |
Haute |
||
Information disclosure in WLAN HAL while handling command through WMI interfaces. | 6.1 |
Moyen |
||
Information disclosure in WLAN HAL when reception status handler is called. | 6.1 |
Moyen |
||
Information disclosure in WLAN HAL while handling the WMI state info command. | 6.1 |
Moyen |
||
Information disclosure in IOE Firmware while handling WMI command. | 6.1 |
Moyen |
||
Cryptographic issue in HLOS during key management. | 7.8 |
Haute |
||
Memory Corruption in Multi-mode Call Processor while processing bit mask API. | 9.8 |
Critique |
||
Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload. | 7.8 |
Haute |
||
Memory corruption in WLAN handler while processing PhyID in Tx status handler. | 7.8 |
Haute |
||
Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers. | 7.8 |
Haute |