| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. |
| Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. |
| Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Transient DOS in WLAN Firmware while parsing rsn ies. |
| Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE. |
| Memory corruption in Core Services while executing the command for removing a single event listener. |
| Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. |
| While processing the authentication message in UE, improper authentication may lead to information disclosure. |
| Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. |
| Memory corruption in DSP Service during a remote call from HLOS to DSP. |
| Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. |
| Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions. |
| Memory corruption in display driver while detaching a device. |
| Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. |
| Cryptographic issue in HLOS during key management. |
| Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation. |
| Memory corruption while triggering commands in the PlayReady Trusted application. |
| Memory corruption may occur while accessing a variable during extended back to back tests. |
| Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers. |
