98 known vulnerabilities · sorted by CVSS score
Memory corruption while parsing the ML IE due to invalid frame content.
Memory corruption when an IOMMU unmap operation fails and the DMA and anon buffers are released.
Memory corruption while releasing shared resources in MinkSocket listener thread.
Memory corruption while processing IOCTL call to set metainfo.
Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
Memory corruption when size of buffer from previous call is used without validation or re-initialization.
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
Memory corruption while configuring the SMR/S2CR register in Bypass mode.
Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
Memory corruption while verifying the serialized header when the key pairs are generated.
Information disclosure while parsing the OCI IE with invalid length.
Memory corruption during management frame processing due to mismatch in T2LM info element.
Memory corruption while triggering commands in the PlayReady Trusted application.
Memory corruption while processing video packets received from video firmware.
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.
Memory corruption while calling the NPU driver APIs concurrently.