21 known vulnerabilities · sorted by CVSS score
Memory corruption while handling payloads from remote ESL.
Memory Corruption in Audio while allocating the ion buffer during the music playback.
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
Memory corruption while calling the NPU driver APIs concurrently.
Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.
Memory corruption in WLAN HAL while handling command through WMI interfaces.
Memory corruption in display driver while detaching a device.
Memory Corruption in WLAN HOST while fetching TX status information.
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.
Memory corruption when Alternative Frequency offset value is set to 255.
Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
Memory corruption may occur while validating ports and channels in Audio driver.
Transient DOS may occur while processing the country IE.
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.
Information disclosure while deriving keys for a session for any Widevine use case.