Memory Corruption in Core due to secure memory access by user while loading modem image.
8.4CVSS
7.5AI Score
0.0004EPSS
8.2CVSS
7.7AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
Memory corruption in core services when Diag handler receives a command to configure event listeners.
9CVSS
7.8AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.0004EPSS
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
6.5CVSS
6.4AI Score
0.0004EPSS
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
7.8CVSS
7.9AI Score
0.0004EPSS
7.8CVSS
7.7AI Score
0.0004EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.
7.5CVSS
7.5AI Score
0.0005EPSS
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.
9.8CVSS
9.5AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
9.3CVSS
7.8AI Score
0.0004EPSS
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
7.8CVSS
7.8AI Score
0.0004EPSS
Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.
7.5CVSS
7.5AI Score
0.0005EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.6AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
Transient DOS while parsing WPA IES, when it is passed with length more than expected size.
7.5CVSS
7.5AI Score
0.0004EPSS
Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.
7.5CVSS
7.5AI Score
0.0005EPSS
Transient DOS while processing 11AZ RTT management action frame received through OTA.
7.5CVSS
7.5AI Score
0.0005EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.
7.5CVSS
7.5AI Score
0.0005EPSS
Memory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event trigger.
8.4CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
8.4CVSS
8.6AI Score
0.0004EPSS
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
8.4CVSS
8.6AI Score
0.0004EPSS
7.1CVSS
7AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
7.8CVSS
7.5AI Score
0.0004EPSS
8.4CVSS
8.7AI Score
0.0004EPSS
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
7.5CVSS
7.6AI Score
0.0005EPSS