Total
100
Critical
17
High
72
Medium
11
CISA KEV
0
Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
Memory corruption while processing a malformed license file during reboot.
Cryptographic issue while performing RSA PKCS padding decoding.
Information disclosure while processing the hash segment in an MBN file.
Information disclosure while reading data from an image using specified offset and size parameters.
There may be information disclosure during memory re-allocation in TZ Secure OS.
While processing the authentication message in UE, improper authentication may lead to information disclosure.
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
memory corruption when an invalid firehose patch command is invoked.
Cryptographic issue while parsing RSA keys in COBR format.
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
Memory corruption while processing key blob passed by the user.
Transient DOS while loading the TA ELF file.
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.
Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory corruption in Audio while processing RT proxy port register driver.
Memory corruption in Core while processing control functions.
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.
Memory corruption in Audio during playback with speaker protection.
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.
Memory corruption in HLOS while running playready use-case.
Memory corruption while using the UIM diag command to get the operators name.
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
Memory corruption while loading an ELF segment in TEE Kernel.
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
Memory Corruption in SPS Application while exporting public key in sorter TA.
Cryptographic issue in HLOS during key management.
Memory corruption in TZ Secure OS while loading an app ELF.
Memory Corruption in Core due to secure memory access by user while loading modem image.
Memory Corruption in Multi-mode Call Processor while processing bit mask API.
Information Disclosure in data Modem while parsing an FMTP line in an SDP message.
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
Memory Corruption in Data Modem while making a MO call or MT VOLTE call.
Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.
Information disclosure in Network Services due to buffer over-read while the device receives DNS response.
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.
Information disclosure in Kernel due to indirect branch misprediction.
Transient DOS due to improper authorization in Modem
Memory corruption due to double free in Core while mapping HLOS address to the list.
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
information disclosure due to cryptographic issue in Core during RPMB read request.
Information disclosure due to buffer over-read in Modem while parsing DNS hostname.
Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.
Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message.
Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.
Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.
Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received.
Information disclosure due to buffer over-read in modem while reading configuration parameters.
Memory corruption due to double free in core while initializing the encryption key.
Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header.
Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding.
Information disclosure due to buffer over-read while parsing DNS response packets in Modem.
memory corruption in modem due to improper check while calculating size of serialized CoAP message
Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message
Memory corruption in modem due to improper input validation while handling the incoming CoAP message
Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface
Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call
Information disclosure in modem due to missing NULL check while reading packets received from local network
Information disclosure in modem due to buffer over-read while processing packets from DNS server
Information disclosure in modem due to improper check of IP type while processing DNS server query
Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet
Memory correction in modem due to buffer overwrite during coap connection
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.
Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.
Memory corruption in modem due to buffer overflow while processing a PPP packet
Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response
Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM
Memory corruption due to configuration weakness in modem wile sending command to write protected files.
Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.
Information disclosure in modem due to buffer over-red while performing checksum of packet received
Denial of service in modem due to missing null check while processing TCP or UDP packets from server
Denial of service in modem due to missing null check while processing IP packets with padding
Denial of service in modem due to null pointer dereference while processing DNS packets
Information disclosure in modem due to buffer over read in dns client due to missing length check
Memory corruption in modem due to improper length check while copying into memory
Information disclosure in modem due to buffer over-read while processing response from DNS server
Memory corruption due to stack-based buffer overflow in Core
Information disclosure due to buffer overread in Core
Information disclosure due to buffer overread in Core
Memory corruption in core due to stack-based buffer overflow
Memory corruption in Core due to stack-based buffer overflow.
Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music
Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music
Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music
Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
