| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| While processing the authentication message in UE, improper authentication may lead to information disclosure. |
| Transient DOS during hypervisor virtual I/O operation in a virtual machine. |
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. |
| Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. |
| Information disclosure while deriving keys for a session for any Widevine use case. |
| Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE. |
| Memory corruption in video while parsing invalid mp2 clip. |
| Memory corruption when IOCTL call is invoked from user-space to read board data. |
| Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. |
| Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem. |
| Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. |
| Memory corruption while invoking IOCTLs calls in Automotive Multimedia. |
| Memory corruption while invoking HGSL IOCTL context create. |
| Memory corruption during management frame processing due to mismatch in T2LM info element. |
| Memory corruption in Audio when memory map command is executed consecutively in ADSP. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
