32 known vulnerabilities · sorted by CVSS score
Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.
Memory corruption in HLOS while running playready use-case.
Memory corruption in Audio during playback with speaker protection.
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
Memory corruption in Graphics while importing a file.
Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
Information disclosure may occur while processing goodbye RTCP packet from network.
Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
Memory corruption while processing voice packet with arbitrary data received from ADSP.
Memory corruption in Audio while processing the VOC packet data from ADSP.
Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
Memory corruption in DSP Services during a remote call from HLOS to DSP.
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.
Memory corruption during PlayReady APP usecase while processing TA commands.