| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Transient DOS while parsing WPA IES, when it is passed with length more than expected size. |
| Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer. |
| Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. |
| Memory corruption while invoking callback function of AFE from ADSP. |
| Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers. |
| Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. |
| Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application. |
| Memory corruption during concurrent access to server info object due to unprotected critical field. |
| Memory corruption when processing cmd parameters while parsing vdev. |
| Memory corruption while loading an ELF segment in TEE Kernel. |
| Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. |
| Information disclosure while deriving keys for a session for any Widevine use case. |
| Transient DOS in Bluetooth Host while rfc slot allocation. |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. |
