| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image. |
| Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU. |
| Memory corruption while parsing the ML IE due to invalid frame content. |
| Information disclosure while parsing the OCI IE with invalid length. |
| Memory corruption during the power-up or power-down sequence of the camera sensor. |
| Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. |
| Memory corruption can occur in the camera when an invalid CID is used. |
| Memory corruption while configuring a Hypervisor based input virtual device. |
| Transient DOS when setting up a fence callback to free a KGSL memory entry object during DMA. |
| Memory corruption while querying module parameters from Listen Sound model client in kernel from user space. |
| Memory corruption when the bandpass filter order received from AHAL is not within the expected range. |
| Memory corruption while processing Codec2 during v13k decoder pitch synthesis. |
| Transient DOS while processing channel information for speaker protection v2 module in ADSP. |
| Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE. |
| Transient DOS while parsing the ML IE when the beacon's common info length of the ML IE is greater than the ML IE inside which this element is present. |
| Memory corruption when allocating and accessing an entry in an SMEM partition continuously. |
| Memory corruption while configuring the SMR/S2CR register in Bypass mode. |
| Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service. |
| Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is a non-zero value but with end of beacon. |
| Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length. |