Total
100
Critical
9
High
75
Medium
16
CISA KEV
0
Information disclosure while running video usecase having rogue firmware.
Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.
Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.
Memory Corruption in Core Platform while printing the response buffer in log.
Memory Corruption while accessing metadata in Display.
Memory corruption in Core Platform while printing the response buffer in log.
Memory corruption in Audio while validating and mapping metadata.
Transient DOS in Modem while processing invalid System Information Block 1.
Information disclosure in Automotive multimedia due to buffer over-read.
Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.
Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
Information disclosure in Bluetooth when an GATT packet is received due to improper input validation.
Memory corruption in Trusted Execution Environment while calling service API with invalid address.
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.
Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.
Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.
Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.
Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.
Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.
Transient DOS in modem due to reachable assertion.
Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.
Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.
Memory corruption due to improper validation of array index in Multi-mode call processor.
Transient DOS due to reachable assertion in Modem while processing SIB1 Message.
Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover.
Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout
Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
Memory corruption in modem due to buffer overflow while processing a PPP packet
Memory corruption in modem due to use of out of range pointer offset while processing qmi msg
Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response
Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM
Information Disclosure in Graphics during GPU context switch.
Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.
Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non qos state.
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
Transient DOS due to improper input validation in WLAN Host.
Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation.
Transient DOS due to buffer over-read in WLAN Host while parsing frame information.
Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs.
Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.
Information disclosure due to buffer over-read in WLAN while parsing NMF frame.
Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.
Memory corruption due to improper access control in Qualcomm IPC.
Memory corruption due to configuration weakness in modem wile sending command to write protected files.
Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.
Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests.
Information disclosure in modem due to buffer over-red while performing checksum of packet received
Denial of service in modem due to missing null check while processing TCP or UDP packets from server
Denial of service in modem due to missing null check while processing IP packets with padding
Denial of service in modem due to null pointer dereference while processing DNS packets
Information disclosure in modem due to buffer over read in dns client due to missing length check
Memory corruption in modem due to improper length check while copying into memory
Information disclosure in modem due to buffer over-read while processing response from DNS server
Memory corruption due to stack-based buffer overflow in Core
Information disclosure due to buffer overread in Core
Information disclosure due to buffer overread in Core
Memory corruption in Core due to stack-based buffer overflow.
Memory corruption in Automotive Android OS due to improper input validation.
Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.
Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.
Information disclosure due to buffer over-read in WLAN while parsing BTM action frame.
Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check.
Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.
Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content.
Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device.
Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.
Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.
Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping.
Denial of service in MODEM due to improper pointer handling
Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote
Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Memory corruption in camera due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables
Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables
Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Denial of service in Modem due to reachable assertion while processing SIB1 with invalid SCS and bandwidth settings in Snapdragon Mobile
Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile
Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth in Snapdragon Mobile
Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Information disclosure in video due to buffer over-read while parsing avi files in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Denial of service in MODEM due to reachable assertion in Snapdragon Mobile
Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel. in Snapdragon Mobile
Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile
Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
