Total
100
Critical
16
High
69
Medium
15
CISA KEV
0
Memory corruption when decoding corrupted satellite data files with invalid signature offsets.
Transient DOS when MAC configures config id greater than supported maximum value.
Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
Memory corruption while selecting the PLMN from SOR failed list.
memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
Cryptographic issue while performing RSA PKCS padding decoding.
Transient DOS while processing CCCH data when NW sends data with invalid length.
Information disclosure while processing the hash segment in an MBN file.
Information disclosure while reading data from an image using specified offset and size parameters.
Transient DOS while processing a random-access response (RAR) with an invalid PDU length on LTE network.
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.
Memory corruption while operating the mailbox in Automotive.
Memory corruption may occur while attaching VM when the HLOS retains access to VM.
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
There may be information disclosure during memory re-allocation in TZ Secure OS.
Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP.
Transient DOS during hypervisor virtual I/O operation in a virtual machine.
While processing the authentication message in UE, improper authentication may lead to information disclosure.
Memory corruption while configuring a Hypervisor based input virtual device.
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.
memory corruption when an invalid firehose patch command is invoked.
Cryptographic issue while parsing RSA keys in COBR format.
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
Memory corruption while processing key blob passed by the user.
Transient DOS while loading the TA ELF file.
Memory corruption in Hypervisor when platform information mentioned is not aligned.
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.
Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
Memory corruption in HLOS while checking for the storage type.
Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
Transient DOS while processing DL NAS TRANSPORT message with payload length 0.
Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.
Transient DOS while processing PDU Release command with a parameter PDU ID out of range.
Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.
Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.
Memory corruption in Core Services while executing the command for removing a single event listener.
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
Memory corruption in Core while processing control functions.
Transient DOS in Multi-Mode Call Processor while processing UE policy container.
Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage.
Transient DOS in Data Modem during DTLS handshake.
Memory corruption while receiving a message in Bus Socket Transport Server.
Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.
Memory corruption in Audio during playback with speaker protection.
Memory corruption in HLOS while running playready use-case.
Transient DOS in Data modem while handling TLB control messages from the Network.
Transient DOS in Modem when a Beam switch request is made with a non-configured BWP.
Transient DOS in Modem after RRC Setup message is received.
Memory corruption while using the UIM diag command to get the operators name.
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
Memory corruption while loading an ELF segment in TEE Kernel.
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
Memory corruption in TZ Secure OS while loading an app ELF.
Memory Corruption in Core due to secure memory access by user while loading modem image.
Memory Corruption in Multi-mode Call Processor while processing bit mask API.
Cryptographic issue in Data Modem due to improper authentication during TLS handshake.
Memory corruption in Modem while processing security related configuration before AS Security Exchange.
Information Disclosure in data Modem while parsing an FMTP line in an SDP message.
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
Transient DOS in Modem while allocating DSM items.
Memory Corruption in Data Modem while making a MO call or MT VOLTE call.
Improper Access to the VM resource manager can lead to Memory Corruption.
Memory Corruption in Core Platform while printing the response buffer in log.
Memory corruption in Core Platform while printing the response buffer in log.
Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.
Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.
Information disclosure in Kernel due to indirect branch misprediction.
Transient DOS due to improper authorization in Modem
Memory corruption due to double free in Core while mapping HLOS address to the list.
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
Transient DOS due to reachable assertion in Modem because of invalid network configuration.
information disclosure due to cryptographic issue in Core during RPMB read request.
Assertion occurs while processing Reconfiguration message due to improper validation
Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.
Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.
Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported.
Transient DOS due to reachable assertion in Modem during OSI decode scheduling.
Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.
Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.
Transient DOS due to time-of-check time-of-use race condition in Modem while processing RRC Reconfiguration message.
Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.
Memory corruption due to double free in core while initializing the encryption key.
Transient DOS in modem due to reachable assertion.
Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.
Memory corruption due to improper validation of array index in Multi-mode call processor.
