Total: 90
Critical: 7
High: 73
Medium: 10
CISA KEV: 3
Memory corruption while using alignments for memory allocation.
Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
Memory corruption while processing MFC channel configuration during music playback.
Memory corruption during PlayReady APP usecase while processing TA commands.
Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.
Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.
Cryptographic issue while performing RSA PKCS padding decoding.
Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.
Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
Information disclosure may occur while processing goodbye RTCP packet from network.
Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.
Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn't adhere to RFC standards.
QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.
Memory corruption while processing GPU page table switch.
Memory corruption while processing voice packet with arbitrary data received from ADSP.
Memory corruption when two threads try to map and unmap a single node simultaneously.
Memory corruption when user provides data for FM HCI command control operations.
Transient DOS while handling PS event when Program Service name length offset value is set to 255.
Memory corruption when Alternative Frequency offset value is set to 255.
Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.
Memory corruption when there is failed unmap operation in GPU.
Memory corruption while processing finish_sign command to pass a rsp buffer.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory corruption in Audio while processing RT proxy port register driver.
Memory corruption in Core Services while executing the command for removing a single event listener.
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.
Memory corruption in Audio when memory map command is executed consecutively in ADSP.
Memory corruption in Audio during playback with speaker protection.
Memory corruption in HLOS while running playready use-case.
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
Transient DOS while parsing a vendor-specific IE (Information Element) of reassociation response management frame.
Memory corruption in DSP Services during a remote call from HLOS to DSP.
Memory corruption while using the UIM diag command to get the operators name.
Transient DOS in Bluetooth Host while rfc slot allocation.
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
Memory Corruption in SPS Application while exporting public key in sorter TA.
Memory corruption in Audio while processing the VOC packet data from ADSP.
Memory Corruption in Multi-mode Call Processor while processing bit mask API.
Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
Memory Corruption in Data Modem while making a MO call or MT VOLTE call.
Memory corruption in Graphics while processing user packets for command submission.
Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.
Memory corruption while allocating memory in COmxApeDec module in Audio.
Memory Corruption in Audio while playing amrwbplus clips with modified content.
Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
Memory Corruption in Audio while allocating the ion buffer during the music playback.
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.
Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.
Transient DOS due to improper authorization in Modem
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
Information disclosure due to cryptographic issue in Core during RPMB read request.
Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
Memory corruption in Graphics while importing a file.
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.
Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.
Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.
Memory corruption in modem due to buffer overflow while processing a PPP packet
Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response
Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM
Information Disclosure in Graphics during GPU context switch.
Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet.
Memory corruption due to configuration weakness in modem while sending command to write protected files.
Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data.
Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed.
Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content.
Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device.
Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote
Denial of service while processing fastboot flash command on mmc due to buffer over read
Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Information disclosure in video due to buffer over-read while parsing avi files in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables