268 known vulnerabilities · sorted by CVSS score
Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.
Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.
Memory corruption while processing MBSSID beacon containing several subelement IE.
Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.
Memory corruption in modem due to improper length check while copying into memory
Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE.
Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.
Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.
Memory corruption in Core Services while executing the command for removing a single event listener.
Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.
Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
Memory corruption in HLOS while running playready use-case.
Memory corruption due to double free in core while initializing the encryption key.
Memory corruption in Core while processing control functions.
Memory corruption in Hypervisor when platform information mentioned is not aligned.
Memory corruption in core services when Diag handler receives a command to configure event listeners.
Memory corruption while configuring a Hypervisor based input virtual device.