CVE ID | Publié | Description | Score | Gravité |
---|---|---|---|---|
Transient DOS may occur while processing the country IE. | 7.5 |
Haute |
||
Memory corruption in display driver while detaching a device. | 7.8 |
Haute |
||
Memory corruption may occur while validating ports and channels in Audio driver. | 7.8 |
Haute |
||
Information disclosure while deriving keys for a session for any Widevine use case. | 5.5 |
Moyen |
||
While processing the authentication message in UE, improper authentication may lead to information disclosure. | 5.4 |
Moyen |
||
Memory corruption while processing IOCTL from user space to handle GPU AHB bus error. | 7.8 |
Haute |
||
Memory corruption during management frame processing due to mismatch in T2LM info element. | 9.8 |
Critique |
||
Information disclosure while parsing the OCI IE with invalid length. | 8.2 |
Haute |
||
Memory corruption while power-up or power-down sequence of the camera sensor. | 7.8 |
Haute |
||
Memory corruption can occur in the camera when an invalid CID is used. | 7.8 |
Haute |
||
Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. | 7.8 |
Haute |
||
Memory corruption while validating number of devices in Camera kernel . | 7.8 |
Haute |
||
Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface. | 7.8 |
Haute |
||
Memory corruption while parsing the ML IE due to invalid frame content. | 9.8 |
Critique |
||
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. | 7.5 |
Haute |
||
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. | 7.8 |
Haute |
||
Memory corruption while processing IOCTL calls to unmap the buffers. | 7.8 |
Haute |
||
Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver. | 6.7 |
Moyen |