Total: 100
Critical: 7
High: 84
Medium: 9
CISA KEV: 0
Memory Corruption when processing IOCTLs for JPEG data without verification.
Memory corruption while processing a malformed license file during reboot.
Memory corruption during PlayReady APP usecase while processing TA commands.
Cryptographic issue while performing RSA PKCS padding decoding.
Memory corruption while performing private key encryption in trusted application.
Memory corruption while processing simultaneous requests via escape path.
Transient DOS while processing an ANQP message.
Information disclosure while processing the hash segment in an MBN file.
Information disclosure while reading data from an image using specified offset and size parameters.
Memory corruption during the image encoding process.
Memory corruption while processing event close when client process terminates abruptly.
Memory corruption while processing multiple simultaneous escape calls.
Memory corruption while processing a private escape command in an event trigger.
Transient DOS while processing received beacon frame.
Transient DOS may occur while processing malformed length field in SSID IEs.
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
Transient DOS may occur while parsing SSID in action frames.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output buffer.
Memory corruption while IOCTL call is invoked from user-space to read board data.
Memory corruption occurs when handling client calls to EnableTestMode through an Escape call.
Memory corruption while processing escape code in API.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption when IOCTL call is invoked from user-space to read board data.
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.
Memory corruption while handling IOCTL calls in JPEG Encoder driver.
Memory corruption while taking snapshot when an offset variable is set by camera driver.
Memory corruption when an invalid firehose patch command is invoked.
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
Transient DOS while loading the TA ELF file.
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Memory corruption while processing IOCTL handler in FastRPC.
Cryptographic issue while performing attach with an LTE network: a rogue base station can skip the authentication phase and immediately send the Security Mode Command.
Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.
Memory corruption when the channel ID passed by user is not validated and further used.
Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.
Memory corruption while allocating memory for graphics.
Memory corruption while processing finish_sign command to pass a rsp buffer.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render.
Transient DOS while processing multiple IKEv2 Informational Request to device from IPSEC server with different identifiers.
Memory corruption in Audio while processing RT proxy port register driver.
Memory corruption in Core Services while executing the command for removing a single event listener.
Transient DOS while parsing FILS IE with length equal to 1.
Transient DOS in WLAN Firmware when the length of received beacon is less than length of IEEE 802.11 beacon frame.
Transient DOS during the key unwrapping process, when the given encrypted key is empty or NULL.
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.
Transient DOS in WLAN Firmware while parsing a BTM request.
Transient DOS in Data Modem during DTLS handshake.
Memory corruption while receiving a message in Bus Socket Transport Server.
Memory corruption in Audio during playback with speaker protection.
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.
Memory corruption in HLOS while running playready use-case.
Transient DOS while parsing WPA IEs, when it is passed with length more than expected size.
Transient DOS when processing a NULL buffer while parsing WLAN vdev.
Memory corruption when processing cmd parameters while parsing vdev.
Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.
Transient DOS while parsing a vendor-specific IE (Information Element) of reassociation response management frame.
Memory corruption in HLOS while invoking IOCTL calls from user-space.
Memory corruption while using the UIM diag command to get the operators name.
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
Memory corruption while loading an ELF segment in TEE Kernel.
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
Memory Corruption in SPS Application while exporting public key in sorter TA.
Information disclosure in WLAN HAL while handling command through WMI interfaces.
Information disclosure in WLAN HAL when reception status handler is called.
Information disclosure in WLAN HAL while handling the WMI state info command.
Information disclosure in IOE Firmware while handling WMI command.
Cryptographic issue in HLOS during key management.
Memory Corruption in Core due to secure memory access by user while loading modem image.
Memory Corruption in Multi-mode Call Processor while processing bit mask API.
Transient DOS in WLAN Firmware while parsing RSN IEs.
Information Disclosure in Data Modem while parsing an FMTP line in an SDP message.
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
Transient DOS in Modem while allocating DSM items.
Memory Corruption in Data Modem while making a MO call or MT VOLTE call.
Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.
Memory corruption in WLAN HAL while parsing WMI command parameters.
Memory corruption in WLAN HAL while handling command through WMI interfaces.
Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.
Memory corruption while handling payloads from remote ESL.
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.
Memory corruption in WLAN handler while processing PhyID in Tx status handler.
Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.
Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.
Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.
Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.
Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.
Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.
Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.