| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. |
| Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. |
| Memory corruption when multiple listeners are being registered with the same file descriptor. |
| Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE. |
| Information disclosure while deriving keys for a session for any Widevine use case. |
| Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP. |
| Transient DOS may occur while processing the country IE. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Memory corruption while playing audio file having large-sized input buffer. |
| Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. |
| Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. |
| Transient DOS while processing PDU Release command with a parameter PDU ID out of range. |
| Transient DOS while processing DL NAS TRANSPORT message with payload length 0. |
| Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. |
| Cryptographic issue occurs due to use of insecure connection method while downloading. |
| Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests. |
| Transient DOS while parsing WPA IES, when it is passed with length more than expected size. |
| Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR. |
| Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus. |