| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Information disclosure in WLAN HAL while handling the WMI state info command. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Cryptographic issue in HLOS during key management. |
| Memory corruption while parsing qcp clip with invalid chunk data size. |
| Improper Access to the VM resource manager can lead to Memory Corruption. |
| Memory corruption when user provides data for FM HCI command control operations. |
| Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Memory corruption in Audio when memory map command is executed consecutively in ADSP. |
| Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. |
| Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. |
| Memory corruption when Alternative Frequency offset value is set to 255. |
| Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. |
| Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. |
| Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. |
| Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. |
| Memory corruption in MPP performance while accessing DSM watermark using external memory address. |
