25 known vulnerabilities · sorted by CVSS score
Memory Corruption in Multi-mode Call Processor while processing bit mask API.
Memory corruption in HLOS while running playready use-case.
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
Memory corruption in Audio during playback with speaker protection.
Memory corruption due to double free in Core while mapping HLOS address to the list.
Information Disclosure in data Modem while parsing an FMTP line in an SDP message.
Information disclosure due to buffer over-read in Modem while parsing DNS hostname.
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
Memory Corruption in Data Modem while making a MO call or MT VOLTE call.
Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.
Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
Memory corruption during PlayReady APP usecase while processing TA commands.
Memory corruption while using the UIM diag command to get the operators name.
Transient DOS due to improper authorization in Modem
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.