information disclosure due to cryptographic issue in Core during RPMB read request.
7.1CVSS
5.2AI Score
0.0004EPSS
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
7.9CVSS
8AI Score
0.001EPSS
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.
6.8CVSS
6.8AI Score
0.001EPSS
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
7.8CVSS
7.8AI Score
0.0004EPSS
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
8.2CVSS
7.4AI Score
0.001EPSS
Memory corruption due to double free in Core while mapping HLOS address to the list.
8.4CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.001EPSS
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
8.4CVSS
7.9AI Score
0.0004EPSS
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
8.4CVSS
7.9AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
8.4CVSS
7.7AI Score
0.0004EPSS
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
7.8CVSS
7.7AI Score
0.0004EPSS
9.8CVSS
9.3AI Score
0.001EPSS
9.8CVSS
9.3AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
8.2CVSS
7.3AI Score
0.001EPSS
8.2CVSS
7.3AI Score
0.001EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
7.8CVSS
7.9AI Score
0.0004EPSS
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
6.5CVSS
6.4AI Score
0.0004EPSS
7.8CVSS
7.7AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
8.4CVSS
7.7AI Score
0.0004EPSS
9.3CVSS
7.8AI Score
0.0004EPSS
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.
7.8CVSS
7.8AI Score
0.0004EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.
9.1CVSS
9.1AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.
7.5CVSS
7.5AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.
7.8CVSS
6.8AI Score
0.0004EPSS
Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.
7.5CVSS
7.5AI Score
0.0005EPSS
Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
8.4CVSS
7.7AI Score
0.0004EPSS
Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.
7.8CVSS
7.9AI Score
0.0004EPSS
Memory corruption in Audio when memory map command is executed consecutively in ADSP.
7.8CVSS
7.9AI Score
0.0004EPSS
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next header.
7.5CVSS
7.5AI Score
0.0004EPSS
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.
7.8CVSS
7.7AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
8.4CVSS
8.6AI Score
0.0004EPSS