11 known vulnerabilities · sorted by CVSS score
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
Memory corruption may occur while validating ports and channels in Audio driver.
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
Memory corruption in display driver while detaching a device.
Memory corruption while calling the NPU driver APIs concurrently.
Memory corruption when Alternative Frequency offset value is set to 255.
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
Transient DOS may occur while processing the country IE.
Information disclosure while deriving keys for a session for any Widevine use case.
Transient DOS during hypervisor virtual I/O operation in a virtual machine.