| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently. |
| Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation. |
| Information disclosure while opening a fastrpc session when domain is not sanitized. |
| Information disclosure while handling beacon or probe response frame in STA. |
| Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| Memory corruption while triggering commands in the PlayReady Trusted application. |
| Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus. |
| Memory corruption when multiple listeners are being registered with the same file descriptor. |
| Memory corruption when two threads try to map and unmap a single node simultaneously. |
| Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. |
| Transient DOS while processing received beacon frame. |
| Memory corruption while processing data packets in diag received from Unix clients. |
| Memory corruption while processing concurrent IOCTL calls. |
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. |
| Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. |
| Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. |
| Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. |
| Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. |
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. |
