| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |
| The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module. |
| The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. |
| The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality. |
| The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. |
| The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution. |
| The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked. |
| The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage. |
| The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions. |
| The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data. |
| In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. |
| In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service with no additional execution privileges needed. |
| In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed. |
| In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed. |
| In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed. |
| In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. |
| In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. |
