| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory Corruption in Data Modem while making a MO call or MT VOLTE call. |
| Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem. |
| Information disclosure while deriving keys for a session for any Widevine use case. |
| Memory corruption when the payload received from firmware is not as per the expected protocol size. |
| While processing the authentication message in UE, improper authentication may lead to information disclosure. |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
| Transient DOS while parsing WPA IES, when it is passed with length more than expected size. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length. |
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. |
| Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. |
| Memory corruption while invoking callback function of AFE from ADSP. |
| Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers. |
| Memory corruption in HLOS while converting from authorization token to HIDL vector. |
| Memory corruption during concurrent access to server info object due to unprotected critical field. |
| Memory corruption when two threads try to map and unmap a single node simultaneously. |
