| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. |
| Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. |
| Memory corruption in Audio when memory map command is executed consecutively in ADSP. |
| Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Memory corruption while processing MBSSID beacon containing several subelement IE. |
| Memory corruption while invoking HGSL IOCTL context create. |
| Memory corruption while invoking IOCTLs calls in Automotive Multimedia. |
| Memory corruption while parsing qcp clip with invalid chunk data size. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Memory corruption in video while parsing invalid mp2 clip. |
| Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size. |
| Memory corruption when multiple listeners are being registered with the same file descriptor. |
| Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. |
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. |
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. |
| Memory corruption while verifying the serialized header when the key pairs are generated. |
| Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked. |
