Total
90
Critical
4
High
72
Medium
14
CISA KEV
0
Memory Corruption when copying data from a freed source while executing performance counter deselect operation.
Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.
Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
Transient DOS when processing target power rate tables during channel configuration.
Transient DOS when processing a received frame with an excessively large authentication information element.
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.
Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
Transient DOS while handling beacon frames with invalid IE header length.
Memory corruption during sub-system restart while processing clean-up to free up resources.
Memory corruption while processing data packets in diag received from Unix clients.
Memory corruption while processing manipulated payload in video firmware.
Memory corruption while processing video packets received from video firmware.
Transient DOS while processing received beacon frame.
Cryptographic issue occurs due to use of insecure connection method while downloading.
Transient DOS may occur while processing malformed length field in SSID IEs.
Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.
Memory corruption while retrieving the CBOR data from TA.
Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.
Memory corruption while operating the mailbox in Automotive.
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.
Memory corruption while reading the FW response from the shared queue.
Transient DOS while parsing per STA profile in ML IE.
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.
Memory corruption during the FRS UDS generation process.
Memory corruption while triggering commands in the PlayReady Trusted application.
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
Memory corruption while reading secure file.
Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations.
Memory corruption while processing IOCTL from user space to handle GPU AHB bus error.
Memory corruption during management frame processing due to mismatch in T2LM info element.
Information disclosure while parsing the OCI IE with invalid length.
Memory corruption while power-up or power-down sequence of the camera sensor.
Memory corruption can occur in the camera when an invalid CID is used.
Memory corruption in Camera due to unusually high number of nodes passed to AXI port.
Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.
Memory corruption while validating number of devices in Camera kernel .
Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
Memory corruption while parsing the ML IE due to invalid frame content.
Memory corruption while configuring a Hypervisor based input virtual device.
Memory corruption while processing frame packets.
Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.
Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.
Memory corruption while processing frame command IOCTL calls.
Memory corruption while invoking IOCTL calls to unmap the DMA buffers.
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,
Memory corruption while processing IPA statistics, when there are no active clients registered.
Memory corruption while processing IOCTL call for getting group info.
Memory corruption when two threads try to map and unmap a single node simultaneously.
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.
Memory corruption when user provides data for FM HCI command control operations.
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.
Memory corruption while playing audio file having large-sized input buffer.
Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.
Memory corruption when the payload received from firmware is not as per the expected protocol size.
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.
Memory corruption while verifying the serialized header when the key pairs are generated.
Memory corruption in HLOS while checking for the storage type.
Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
Memory corruption while processing Codec2 during v13k decoder pitch synthesis.
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
Transient DOS while processing DL NAS TRANSPORT message with payload length 0.
Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.
Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.
Memory corruption while processing finish_sign command to pass a rsp buffer.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory corruption while processing TPC target power table in FTM TPC.
Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.
Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.
Transient DOS while processing PDU Release command with a parameter PDU ID out of range.
Transient DOS while processing CAG info IE received from NW.
Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.
Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.
Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.
Transient DOS while processing IE fragments from server during DTLS handshake.
Memory corruption in Audio while processing RT proxy port register driver.
Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake.
Memory corruption in Core Services while executing the command for removing a single event listener.
