Total
100
Critical
12
High
74
Medium
14
CISA KEV
0
memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
Cryptographic issue while performing RSA PKCS padding decoding.
Information disclosure while processing the hash segment in an MBN file.
Information disclosure while reading data from an image using specified offset and size parameters.
Transient DOS while processing received beacon frame.
Transient DOS may occur while processing malformed length field in SSID IEs.
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.
Memory corruption while operating the mailbox in Automotive.
Memory corruption may occur while attaching VM when the HLOS retains access to VM.
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
There may be information disclosure during memory re-allocation in TZ Secure OS.
Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP.
Transient DOS during hypervisor virtual I/O operation in a virtual machine.
Memory corruption while configuring a Hypervisor based input virtual device.
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
memory corruption when an invalid firehose patch command is invoked.
Cryptographic issue while parsing RSA keys in COBR format.
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
Memory corruption while processing key blob passed by the user.
Transient DOS while loading the TA ELF file.
Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
Memory corruption in HLOS while checking for the storage type.
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
Memory corruption in Audio while processing RT proxy port register driver.
Memory corruption in Core Services while executing the command for removing a single event listener.
Transient DOS while parse fils IE with length equal to 1.
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
Memory corruption in Core while processing control functions.
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.
Transient DOS in WLAN Firmware while parsing a BTM request.
Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.
Memory corruption in Audio during playback with speaker protection.
Memory corruption in HLOS while running playready use-case.
Memory corruption when processing cmd parameters while parsing vdev.
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
Memory corruption while loading an ELF segment in TEE Kernel.
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
Information disclosure in WLAN HAL while handling command through WMI interfaces.
Information disclosure in WLAN HAL while handling the WMI state info command.
Information disclosure in IOE Firmware while handling WMI command.
Memory corruption in TZ Secure OS while loading an app ELF.
Memory Corruption in Core due to secure memory access by user while loading modem image.
Transient DOS in WLAN Firmware while parsing rsn ies.
Transient DOS in Modem while allocating DSM items.
Improper Access to the VM resource manager can lead to Memory Corruption.
Memory corruption in WLAN HAL while handling command through WMI interfaces.
Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.
Memory corruption in WLAN handler while processing PhyID in Tx status handler.
Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.
Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.
Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.
Memory Corruption in Core Platform while printing the response buffer in log.
Memory corruption in Core Platform while printing the response buffer in log.
Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.
Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
Transient DOS in WLAN Firmware while processing frames with missing header fields.
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
Memory corruption due to improper access control in kernel while processing a mapping request from root process.
Information disclosure in Kernel due to indirect branch misprediction.
Memory corruption due to double free in Core while mapping HLOS address to the list.
Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.
information disclosure due to cryptographic issue in Core during RPMB read request.
Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.
Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.
Memory corruption due to double free in core while initializing the encryption key.
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.
Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.
Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.
Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.
Information disclosure due to buffer over-read in WLAN while parsing NMF frame.
Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.
Memory corruption due to stack-based buffer overflow in Core
Information disclosure due to buffer overread in Core
Information disclosure due to buffer overread in Core
Memory corruption in core due to stack-based buffer overflow
Memory corruption in Core due to stack-based buffer overflow.
Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.
Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.
Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping.
Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
