Total: 83
Critical: 8
High: 55
Medium: 20
CISA KEV: 0
Memory Corruption when copying data from a freed source while executing performance counter deselect operation.
Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.
Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
Transient DOS when processing target power rate tables during channel configuration.
Transient DOS when processing a received frame with an excessively large authentication information element.
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.
Transient DOS while handling beacon frames with invalid IE header length.
Memory corruption while processing data packets in diag received from Unix clients.
Memory corruption while processing manipulated payload in video firmware.
Memory corruption while processing video packets received from video firmware.
Transient DOS while processing received beacon frame.
Cryptographic issue occurs due to use of insecure connection method while downloading.
Transient DOS may occur while processing malformed length field in SSID IEs.
Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.
Memory corruption while retrieving the CBOR data from TA.
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.
Memory corruption while operating the mailbox in Automotive.
Transient DOS while parsing per STA profile in ML IE.
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
Transient DOS while processing a registration acceptance OTA due to incorrect ciphering key data IE.
Memory corruption during the FRS UDS generation process.
Memory corruption while triggering commands in the PlayReady Trusted application.
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
Memory corruption while reading secure file.
Memory corruption during management frame processing due to mismatch in T2LM info element.
Information disclosure while parsing the OCI IE with invalid length.
Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.
Memory corruption may occur when stopping the WLAN interface after processing a WMI command from the interface.
Memory corruption while parsing the ML IE due to invalid frame content.
Memory corruption while configuring a Hypervisor based input virtual device.
Information disclosure while processing IO control commands.
Information disclosure during audio playback.
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.
Memory corruption while processing IOCTL call for getting group info.
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.
Memory corruption when more scan frequency list or channels are sent from the user space.
Memory corruption when IPC callback handle is used after it has been released during register callback by another thread.
Memory corruption while copying a keyblob's material when the key material's size is not accurately checked.
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
Information disclosure while handling T2LM Action Frame in WLAN Host.
Memory corruption while playing audio file having large-sized input buffer.
Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.
Memory corruption when the payload received from firmware is not as per the expected protocol size.
Memory corruption while verifying the serialized header when the key pairs are generated.
Memory corruption in HLOS while checking for the storage type.
Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.
Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than the expected size.
Memory corruption while querying module parameters from Listen Sound model client in kernel from user space.
Memory corruption while copying the sound model data from user to kernel buffer during sound model register.
Memory corruption when the bandpass filter order received from AHAL is not within the expected range.
Memory corruption when multiple listeners are being registered with the same file descriptor.
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
Memory corruption while redirecting log file to any file location with any file name.
Memory corruption while processing Codec2 during v13k decoder pitch synthesis.
Memory corruption while processing buffer initialization, when trusted reports for certain report types are generated.
Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command.
Transient DOS while processing DL NAS TRANSPORT message with payload length 0.
Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.
Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.
Memory corruption while processing finish_sign command to pass a rsp buffer.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.
Memory corruption while processing MBSSID beacon containing several subelement IE.
Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.
Memory corruption while processing TPC target power table in FTM TPC.
Memory corruption while invoking IOCTLs calls in Automotive Multimedia.
Memory corruption while invoking HGSL IOCTL context create.
Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.
Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.
Transient DOS while processing PDU Release command with a parameter PDU ID out of range.
Transient DOS while processing CAG info IE received from NW.
Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.
Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.
Transient DOS while processing channel information for speaker protection v2 module in ADSP.
Transient DOS while processing multiple IKEv2 Informational Request to device from IPSEC server with different identifiers.
Transient DOS while processing IE fragments from server during DTLS handshake.
Memory corruption in Audio while processing RT proxy port register driver.
Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake.