| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| While processing the authentication message in UE, improper authentication may lead to information disclosure. |
| Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. |
| Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus. |
| Memory corruption when two threads try to map and unmap a single node simultaneously. |
| Memory corruption when user provides data for FM HCI command control operations. |
| Memory Corruption in Audio while allocating the ion buffer during the music playback. |
| Memory corruption while processing finish_sign command to pass a rsp buffer. |
| Memory corruption in Audio while processing RT proxy port register driver. |
| Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user. |
| Transient DOS while handling PS event when Program Service name length offset value is set to 255. |
| Memory corruption while processing API calls to NPU with invalid input. |
| Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released. |
| Memory corruption while performing finish HMAC operation when context is freed by keymaster. |
| Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE. |
| Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE. |
| The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it. |
| Buffer overflow can occur if invalid header tries to overwrite the existing buffer which fix size allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 820, SD 820A, SD 845 / SD 850, SDM439, SDM660, SDX20 |
| Memory corruption while processing GPU page table switch. |
