| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption when BTFM client sends new messages over Slimbus to ADSP. |
| Information Disclosure in data Modem while parsing an FMTP line in an SDP message. |
| Memory corruption when IOMMU unmap of a GPU buffer fails in Linux. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. |
| Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers. |
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. |
| Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size. |
| Memory corruption when multiple listeners are being registered with the same file descriptor. |
| Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. |
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. |
| Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. |
| Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem. |
| Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. |
| Memory corruption while processing data packets in diag received from Unix clients. |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| Memory Corruption in WLAN HOST while parsing QMI response message from firmware. |
| Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. |
| Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application. |
