| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus. |
| Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. |
| Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. |
| Memory corruption in Audio while running invalid audio recording from ADSP. |
| Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. |
| Memory corruption in Audio when memory map command is executed consecutively in ADSP. |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
| Memory corruption when Alternative Frequency offset value is set to 255. |
| Memory corruption while invoking callback function of AFE from ADSP. |
| Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. |
| Memory corruption in Audio while processing IIR config data from AFE calibration block. |
| Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. |
| Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points. |
| Memory corruption in Core Services while executing the command for removing a single event listener. |
| Memory corruption when the payload received from firmware is not as per the expected protocol size. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Memory corruption while processing finish_sign command to pass a rsp buffer. |
| Memory corruption while parsing qcp clip with invalid chunk data size. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address. |
