| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. |
| Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. |
| Memory Corruption in Core during syscall for Sectools Fuse comparison feature. |
| Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. |
| Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. |
| Memory Corruption in Core due to secure memory access by user while loading modem image. |
| Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. |
| Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. |
| Memory corruption in Core Services while executing the command for removing a single event listener. |
| Memory Corruption in WLAN HOST while parsing QMI response message from firmware. |
| Information disclosure in WLAN HAL while handling command through WMI interfaces. |
| Transient DOS while processing PDU Release command with a parameter PDU ID out of range. |
| Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. |
| Transient DOS while processing DL NAS TRANSPORT message with payload length 0. |
| Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. |
| Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application. |
| Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. |
| Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. |
| Transient DOS while parsing WPA IES, when it is passed with length more than expected size. |
