73 known vulnerabilities · sorted by CVSS score
Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.
Memory Corruption in Multi-mode Call Processor while processing bit mask API.
Memory corruption in HLOS while running playready use-case.
Memory corruption in core services when Diag handler receives a command to configure event listeners.
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
Memory corruption due to double free in Core while mapping HLOS address to the list.
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
Memory corruption in Audio during playback with speaker protection.
Memory corruption while handling user packets during VBO bind operation.
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards.
Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
Information disclosure may occur while processing goodbye RTCP packet from network.
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
Information Disclosure in data Modem while parsing an FMTP line in an SDP message.
Memory Corruption in Data Modem while making a MO call or MT VOLTE call.