| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager. |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
| Memory Corruption in WLAN HOST while parsing QMI response message from firmware. |
| Information disclosure in Audio while accessing AVCS services from ADSP payload. |
| Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. |
| Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. |
| Information disclosure in IOE Firmware while handling WMI command. |
| Transient DOS while parsing WPA IES, when it is passed with length more than expected size. |
| Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. |
| Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage. |
| Information disclosure in WLAN HAL while handling the WMI state info command. |
| Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE. |
| Memory corruption when the payload received from firmware is not as per the expected protocol size. |
| Memory corruption while playing audio file having large-sized input buffer. |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR. |
