27 known vulnerabilities · sorted by CVSS score
Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.
Memory corruption in HLOS while running playready use-case.
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Memory corruption in Audio during playback with speaker protection.
Information disclosure may occur while processing goodbye RTCP packet from network.
Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards.
Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.
Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
Memory corruption while processing voice packet with arbitrary data received from ADSP.
Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.
Memory corruption while using alignments for memory allocation.
Memory corruption while processing MFC channel configuration during music playback.
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.
Memory corruption during PlayReady APP usecase while processing TA commands.
Memory corruption while processing GPU page table switch.
Memory Corruption in SPS Application while exporting public key in sorter TA.