| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation. |
| Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager. |
| Memory corruption while processing command in Glink linux. |
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. |
| Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache. |
| Memory corruption while using the UIM diag command to get the operators name. |
| Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. |
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. |
| Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. |
| Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses. |
| Transient DOS when processing a NULL buffer while parsing WLAN vdev. |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
| Memory corruption in Core Services while executing the command for removing a single event listener. |
| Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point. |
| Memory corruption when the payload received from firmware is not as per the expected protocol size. |
| Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. |
| Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. |
