| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. |
| Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. |
| Memory corruption in SPS Application while requesting a public key in sorter TA. |
| Transient DOS while parsing a FILS IE with length equal to 1. |
| Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points. |
| Memory Corruption in WLAN HOST while fetching TX status information. |
| Transient DOS in Modem while allocating DSM items. |
| Memory corruption in Core while processing control functions. |
| Memory corruption while copying a keyblob's material when the key material's size is not accurately checked. |
| Information disclosure in Audio while accessing AVCS services from ADSP payload. |
| Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. |
| Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. |
| Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available commands. |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. |
| Memory corruption in HLOS while running playready use-case. |
| Transient DOS in Data Modem during DTLS handshake. |
| Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
| Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
| The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption. |