| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. |
| Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager. |
| Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. |
| Transient DOS while processing DL NAS TRANSPORT message with payload length 0. |
| Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. |
| Information Disclosure in data Modem while parsing an FMTP line in an SDP message. |
| Transient DOS in Modem while triggering a camping on an 5G cell. |
| Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. |
| Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. |
| Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR. |
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. |
| Transient DOS when processing a NULL buffer while parsing WLAN vdev. |
| Transient DOS in WLAN Firmware while parsing no-inherit IES. |
| Memory corruption while running VK synchronization with KASAN enabled. |
| Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. |
| Improper Access to the VM resource manager can lead to Memory Corruption. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests. |
