| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
| Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message. |
| Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. |
| Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager. |
| Memory corruption while loading an ELF segment in TEE Kernel. |
| Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. |
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. |
| Memory corruption in Core Services while executing the command for removing a single event listener. |
| Memory corruption while verifying the serialized header when the key pairs are generated. |
| Information disclosure in Video while parsing mp2 clip with invalid section length. |
| Memory corruption in video while parsing invalid mp2 clip. |
| Memory corruption in Audio when memory map command is executed consecutively in ADSP. |
| Information disclosure while parsing dts header atom in Video. |
| Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. |
| Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. |
| Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. |
