| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking |
| Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking |
| Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report. |
| Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length. |
| Memory corruption while allocating memory in HGSL driver. |
| Transient DOS while processing TID-to-link mapping IE elements. |
| Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released. |
| Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver. |
| Memory corruption while handling IOCTL calls in JPEG Encoder driver. |
| Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. |
| Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it. |
| Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver. |
| Transient DOS while parsing fragments of MBSSID IE from beacon frame. |
| Transient DOS while processing the CU information from RNR IE. |
| Memory corruption while processing GPU page table switch. |
| Memory corruption while processing voice packet with arbitrary data received from ADSP. |
| Memory corruption while processing GPU commands. |
| Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node. |
| Memory corruption while handling session errors from firmware. |
| Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. |
