| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16. |
| Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. |
| Transient DOS while processing DL NAS TRANSPORT message with payload length 0. |
| Transient DOS while processing PDU Release command with a parameter PDU ID out of range. |
| Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. |
| Memory corruption while passing untrusted/corrupted pointers from DSP to EVA. |
| Memory corruption when the captureRead QDCM command is invoked from user-space. |
| Memory corruption when user provides data for FM HCI command control operations. |
| While processing the authentication message in UE, improper authentication may lead to information disclosure. |
| Information disclosure while deriving keys for a session for any Widevine use case. |
| Memory corruption while processing multiple simultaneous escape calls. |
| Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem. |
| Memory corruption when Alternative Frequency offset value is set to 255. |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Memory corruption in Hypervisor when platform information mentioned is not aligned. |
| Memory corruption when multiple listeners are being registered with the same file descriptor. |
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. |
