| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. |
| Memory corruption when the payload received from firmware is not as per the expected protocol size. |
| While processing the authentication message in UE, improper authentication may lead to information disclosure. |
| Memory corruption while processing MBSSID beacon containing several subelement IE. |
| Memory corruption in Core while processing RX intent request. |
| Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. |
| Memory corruption while processing command in Glink linux. |
| Memory corruption during management frame processing due to mismatch in T2LM info element. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. |
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
| Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. |
| Memory Corruption in WLAN HOST while parsing QMI response message from firmware. |
| Memory corruption in Audio while processing IIR config data from AFE calibration block. |
| Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware. |
| Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. |
| Memory corruption in SPS Application while requesting for public key in sorter TA. |
| Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. |