| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. |
| Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. |
| Transient DOS in WLAN Firmware while parsing a BTM request. |
| Information disclosure in WLAN HAL while handling the WMI state info command. |
| Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Memory corruption when Alternative Frequency offset value is set to 255. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
| Memory corruption in video while parsing invalid mp2 clip. |
| Memory corruption while invoking IOCTLs calls in Automotive Multimedia. |
| Memory corruption in HLOS while invoking IOCTL calls from user-space. |
| Memory corruption in Core while processing control functions. |
| Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. |
| Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. |
| Memory corruption when user provides data for FM HCI command control operations. |
