15 known vulnerabilities · sorted by CVSS score
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
Memory corruption may occur while validating ports and channels in Audio driver.
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
Memory corruption in display driver while detaching a device.
Memory corruption may occur during the synchronization of the camera`s frame processing pipeline.
Memory corruption while calling the NPU driver APIs concurrently.
Memory corruption while handling multuple IOCTL calls from userspace for remote invocation.
Memory corruption when Alternative Frequency offset value is set to 255.
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
Transient DOS may occur while processing the country IE.
Transient DOS during hypervisor virtual I/O operation in a virtual machine.
Information disclosure while deriving keys for a session for any Widevine use case.
Transient DOS can occur while processing UCI command.
While processing the authentication message in UE, improper authentication may lead to information disclosure.