| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Memory corruption when IOMMU unmap of a GPU buffer fails in Linux. |
| Memory corruption while processing MBSSID beacon containing several subelement IE. |
| Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. |
| Memory corruption in HLOS while checking for the storage type. |
| Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus. |
| Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR. |
| Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. |
| Memory corruption in Audio while processing the calibration data returned from ACDB loader. |
| Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. |
| While processing the authentication message in UE, improper authentication may lead to information disclosure. |
| Information disclosure in Audio while accessing AVCS services from ADSP payload. |
| Memory corruption while processing buffer initialization, when trusted reports for certain report types are generated. |
| Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points. |
| Transient DOS in Audio when invoking callback function of ASM driver. |
| Transient DOS while parsing a vendor-specific IE (Information Element) of reassociation response management frame. |
| Transient DOS in Automotive OS due to improper authentication to the secure IO calls. |
| Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. |
| Memory corruption while processing the event ring: the context read pointer is untrusted to HLOS and, when it is passed with arbitrary values, may point to an address in the middle of a ring element. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Transient DOS while parsing WPA IEs, when it is passed with length more than expected size. |