| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. |
| Memory corruption when multiple listeners are being registered with the same file descriptor. |
| Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE. |
| Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. |
| Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. |
| Transient DOS while parsing per STA profile in ML IE. |
| Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. |
| Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests. |
| Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point. |
| Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host. |
| Memory corruption in Core when updating rollback version for TA and OTA feature is enabled. |
| Memory corruption in Automotive Multimedia due to improper access control in HAB. |
| Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend. |
| Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image. |
| Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU. |
| Information disclosure while parsing the OCI IE with invalid length. |
| Memory corruption while power-up or power-down sequence of the camera sensor. |
