| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P |
| Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking |
| Transient DOS while parsing ESP IE from beacon/probe response frame. |
| Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events. |
| Memory corruption while allocating memory in HGSL driver. |
| Memory corruption while processing IOCTL call to set metainfo. |
| Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released. |
| Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table. |
| Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. |
| Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it. |
| Memory corruption while processing GPU page table switch. |
| Memory corruption while processing voice packet with arbitrary data received from ADSP. |
| Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node. |
| Memory corruption while handling session errors from firmware. |
| Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. |
| Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call. |
| Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients. |
| Cryptographic issue while parsing RSA keys in COBR format. |
| memory corruption when an invalid firehose patch command is invoked. |
