| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. |
| Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache. |
| Memory corruption when multiple listeners are being registered with the same file descriptor. |
| Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length. |
| Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. |
| Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. |
| Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus. |
| Memory corruption in Core Services while executing the command for removing a single event listener. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. |
| Memory Corruption in Data Modem while making a MO call or MT VOLTE call. |
| Memory corruption in video while parsing invalid mp2 clip. |
| Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size. |
| Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer. |
| Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem. |
| Information disclosure while parsing dts header atom in Video. |
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. |
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. |
| Memory corruption in Audio when memory map command is executed consecutively in ADSP. |
