| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption when multiple listeners are being registered with the same file descriptor. |
| Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE. |
| Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size. |
| Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Memory corruption while playing audio file having large-sized input buffer. |
| Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests. |
| Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. |
| Memory corruption when the IOCTL call is interrupted by a signal. |
| Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus. |
| Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware. |
| Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. |
| Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. |
| Transient DOS while parsing WPA IES, when it is passed with length more than expected size. |
| Memory corruption in MPP performance while accessing DSM watermark using external memory address. |
| Memory corruption in Core Services while executing the command for removing a single event listener. |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
| Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. |
| Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application. |
