| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Transient DOS in Audio when invoking callback function of ASM driver. |
| Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
| Memory corruption in Audio while processing IIR config data from AFE calibration block. |
| Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. |
| Memory corruption in video while parsing invalid mp2 clip. |
| Cryptographic issue while performing attach with an LTE network: a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Memory corruption while processing finish_sign command to pass a rsp buffer. |
| Memory corruption when two threads try to map and unmap a single node simultaneously. |
| Information disclosure in Video while parsing mp2 clip with invalid section length. |
| Memory Corruption in Audio while allocating the ion buffer during the music playback. |
| Memory corruption while handling the subsystem failure memory during the parsing of video packets received from the video firmware. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length. |
| Memory corruption in Core Services while executing the command for removing a single event listener. |
| Memory corruption while running VK synchronization with KASAN enabled. |
| Memory corruption while processing the event ring: the context read pointer is untrusted to HLOS and, when it is passed with arbitrary values, may point to an address in the middle of a ring element. |
| Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. |