| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame. |
| Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number. |
| Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame. |
| Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE. |
| Memory corruption due to double free in Core while mapping HLOS address to the list. |
| Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. |
| Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present. |
| Memory corruption when multiple threads try to unregister the CVP buffer at the same time. |
| Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware. |
| Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. |
| Memory corruption in WLAN Host while processing RRM beacon on the AP. |
| Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon. |
| Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length. |
| Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero. |
| Transient DOS while parsing fragments of MBSSID IE from beacon frame. |
| Memory corruption during session sign renewal request calls in HLOS. |
| Transient DOS during music playback of ALAC content. |
| Information disclosure while handling beacon probe frame during scan entry generation in client side. |
| Memory corruption when allocating and accessing an entry in an SMEM partition. |
| Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image. |
