information disclosure due to cryptographic issue in Core during RPMB read request.
7.1CVSS
5.2AI Score
0.0004EPSS
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
7.9CVSS
8AI Score
0.001EPSS
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.
6.8CVSS
6.8AI Score
0.001EPSS
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
7.8CVSS
7.8AI Score
0.0004EPSS
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
8.2CVSS
7.4AI Score
0.001EPSS
Memory corruption due to double free in Core while mapping HLOS address to the list.
8.4CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.001EPSS
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
8.4CVSS
7.9AI Score
0.0004EPSS
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
8.4CVSS
7.9AI Score
0.0004EPSS
8.4CVSS
7.7AI Score
0.001EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
8.4CVSS
7.7AI Score
0.0004EPSS
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
8.4CVSS
7.7AI Score
0.0004EPSS
Weak configuration in Automotive while VM is processing a listener request from TEE.
8.2CVSS
8.1AI Score
0.0004EPSS
9.8CVSS
9.3AI Score
0.001EPSS
9.8CVSS
9.3AI Score
0.001EPSS
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
8.2CVSS
7.3AI Score
0.001EPSS
8.2CVSS
7.3AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
7.8CVSS
7.9AI Score
0.0004EPSS
6.1CVSS
5.5AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.001EPSS
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
6.5CVSS
6.4AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
9.3CVSS
7.8AI Score
0.0004EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
7.1CVSS
6.8AI Score
0.0004EPSS
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
7.8CVSS
7.9AI Score
0.0004EPSS
Memory corruption in Audio while processing IIR config data from AFE calibration block.
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption in Audio while processing the calibration data returned from ACDB loader.
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.
7.8CVSS
6.8AI Score
0.0004EPSS
Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.
7.5CVSS
7.5AI Score
0.0005EPSS
Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
8.4CVSS
7.7AI Score
0.0004EPSS
Memory corruption in Audio when memory map command is executed consecutively in ADSP.
7.8CVSS
7.9AI Score
0.0004EPSS
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next header.
7.5CVSS
7.5AI Score
0.0004EPSS
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
8.4CVSS
8.6AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
8.4CVSS
8.6AI Score
0.0004EPSS