| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Transient DOS while processing PDU Release command with a parameter PDU ID out of range. |
| Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. |
| Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. |
| Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. |
| Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. |
| Memory corruption when user provides data for FM HCI command control operations. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. |
| Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR. |
| Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem. |
| Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. |
| Memory corruption while verifying the serialized header when the key pairs are generated. |
| Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. |
| Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. |
| Transient DOS while parsing WPA IES, when it is passed with length more than expected size. |
| Transient DOS when processing a NULL buffer while parsing WLAN vdev. |
