15 known vulnerabilities · sorted by CVSS score
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.
Information disclosure may occur while processing goodbye RTCP packet from network.
Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
Memory corruption while processing voice packet with arbitrary data received from ADSP.
Memory corruption while processing GPU page table switch.
Memory corruption while processing API calls to NPU with invalid input.
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.
Transient DOS while handling PS event when Program Service name length offset value is set to 255.