Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement...
7.5CVSS
7.5AI Score
0.0005EPSS
9.8CVSS
9.6AI Score
0.001EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g. from a remote...
9.8CVSS
9.3AI Score
0.001EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT...
6.5CVSS
6.4AI Score
0.0004EPSS
Memory corruption in WLAN HAL while processing command parameters from untrusted WMI...
7.8CVSS
7.9AI Score
0.0004EPSS
Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI...
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption in WLAN FW while processing command parameters from untrusted WMI...
7.8CVSS
7.9AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu...
7.8CVSS
7.8AI Score
0.0004EPSS
Memory Corruption due to improper validation of array index in Linux while updating adn...
7.8CVSS
7.6AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP...
7.8CVSS
7.9AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
7.8CVSS
7.7AI Score
0.0004EPSS
Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of...
7.8CVSS
7.8AI Score
0.0004EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel...
7.8CVSS
7.5AI Score
0.0004EPSS
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to...
7.8CVSS
7.5AI Score
0.0004EPSS
9.8CVSS
9.5AI Score
0.001EPSS
7.5CVSS
7.6AI Score
0.0005EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to...
7CVSS
6.9AI Score
0.0004EPSS
Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data...
7.8CVSS
7.6AI Score
0.0004EPSS
Information disclosure in Network Services due to buffer over-read while the device receives DNS...
7.5CVSS
7.5AI Score
0.001EPSS
Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one...
7.1CVSS
7AI Score
0.0004EPSS
Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after...
7.1CVSS
6.8AI Score
0.0004EPSS
Memory corruption due to untrusted pointer dereference in automotive during system...
7.8CVSS
7.8AI Score
0.0004EPSS
Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in...
7.8CVSS
7.6AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
Information disclosure in Bluetooth when an GATT packet is received due to improper input...
6.5CVSS
6.3AI Score
0.0005EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption in Trusted Execution Environment while calling service API with invalid...
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS...
9.8CVSS
9.6AI Score
0.001EPSS
Memory corruption in Linux when the file upload API is called with parameters having large...
7.8CVSS
7.8AI Score
0.0004EPSS
6.8CVSS
6.7AI Score
0.001EPSS
Memory Corruption in Data Modem while processing DMA buffer release event about CFR...
7.8CVSS
7.7AI Score
0.0004EPSS
An app with non-privileged access can change global system brightness and cause undesired system...
7.8CVSS
7.6AI Score
0.0004EPSS
Memory corruption in Video while calling APIs with different instance ID than the one received in...
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS