| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
| Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content. |
| Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data. |
| Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed. |
| Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames. |
| Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames. |
| Denial of service in modem due to missing null check while processing IP packets with padding |
| Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM |
| Initial xbl_sec revision does not have all the debug policy features and critical checks. |
| Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW |
| Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user. |
| An image with a version lower than the fuse version may potentially be booted lead to improper authentication. |
| An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat' |
| Certain unprivileged processes are able to perform IOCTL calls. |
| Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key. |
| Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response. |
| Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message. |
| Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms. |
| Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon. |
| Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder. |
