| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. |
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. |
| Memory corruption during concurrent access to server info object due to unprotected critical field. |
| Memory corruption while processing data packets in diag received from Unix clients. |
| Memory corruption while processing manipulated payload in video firmware. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. |
| Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. |
| Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. |
| Memory corruption may occur while validating ports and channels in Audio driver. |
| Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. |
| Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. |
| Memory corruption in MPP performance while accessing DSM watermark using external memory address. |
| Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. |
| Memory corruption when BTFM client sends new messages over Slimbus to ADSP. |
| Memory Corruption in WLAN HOST while fetching TX status information. |
| Memory corruption in HLOS while running playready use-case. |
| Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
