14 known vulnerabilities · sorted by CVSS score
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
Memory corruption in Graphics while processing user packets for command submission.
Memory corruption when two threads try to map and unmap a single node simultaneously.
Memory corruption while calling the NPU driver APIs concurrently.
Memory corruption may occur while validating ports and channels in Audio driver.
Memory corruption while processing IOCTL call for getting group info.
Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.
While processing the authentication message in UE, improper authentication may lead to information disclosure.