| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption while invoking HGSL IOCTL context create. |
| Memory Corruption in WLAN HOST while parsing QMI response message from firmware. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. |
| Memory corruption in Audio when memory map command is executed consecutively in ADSP. |
| Memory corruption while parsing qcp clip with invalid chunk data size. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Information disclosure in WLAN HAL while handling the WMI state info command. |
| Memory corruption during management frame processing due to mismatch in T2LM info element. |
| Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. |
| Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued. |
| Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. |
| Cryptographic issue in HLOS during key management. |
| Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. |
| Memory corruption while processing concurrent IOCTL calls. |
| Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. |
| Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. |
| Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls, |
