| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Information disclosure while handling T2LM Action Frame in WLAN Host. |
| Transient DOS in Modem while triggering a camping on an 5G cell. |
| Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point. |
| Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. |
| Memory corruption in Kernel while parsing metadata. |
| Memory corruption in HLOS while checking for the storage type. |
| Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE. |
| Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP. |
| Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. |
| Memory corruption in Audio when memory map command is executed consecutively in ADSP. |
| Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. |
| Memory corruption while processing IOCTL call for getting group info. |
| Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message. |
| Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. |
| Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. |
| Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer. |
| Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus. |
| Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. |
