| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. |
| Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
| Memory corruption when user provides data for FM HCI command control operations. |
| Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. |
| Transient DOS in WLAN Firmware while parsing no-inherit IES. |
| Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size. |
| Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. |
| Memory corruption in MPP performance while accessing DSM watermark using external memory address. |
| Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. |
| Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage. |
| Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. |
| Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. |
| Transient DOS while processing received beacon frame. |
| Memory Corruption in Data Modem while processing DMA buffer release event about CFR data. |
| Memory Corruption in WLAN HOST while parsing QMI response message from firmware. |
| Memory corruption in HLOS while checking for the storage type. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Information disclosure while deriving keys for a session for any Widevine use case. |
