| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption while playing audio file having large-sized input buffer. |
| Memory corruption in Audio while processing RT proxy port register driver. |
| Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. |
| Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message. |
| Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application. |
| Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. |
| Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. |
| Memory corruption in DSP Service during a remote call from HLOS to DSP. |
| Memory corruption while processing finish_sign command to pass a rsp buffer. |
| Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. |
| Information disclosure in Video while parsing mp2 clip with invalid section length. |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Memory corruption in video while parsing invalid mp2 clip. |
| Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. |
| Information disclosure in IOE Firmware while handling WMI command. |
