| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. |
| Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. |
| Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. |
| Memory corruption in video while parsing invalid mp2 clip. |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
| Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked. |
| Memory corruption in Hypervisor when platform information mentioned is not aligned. |
| Memory corruption when BTFM client sends new messages over Slimbus to ADSP. |
| Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. |
| Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network. |
| Transient DOS may occur while processing malformed length field in SSID IEs. |
| Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware. |
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. |
| Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size. |
| Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. |
