10 known vulnerabilities · sorted by CVSS score
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.
Memory corruption in Audio while processing RT proxy port register driver.
Memory corruption when there is failed unmap operation in GPU.
Memory corruption when Alternative Frequency offset value is set to 255.
Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.
Memory corruption when user provides data for FM HCI command control operations.
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.
Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.
Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.
Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.