| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued. |
| Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. |
| Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. |
| Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. |
| Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. |
| Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. |
| Transient DOS during hypervisor virtual I/O operation in a virtual machine. |
| Memory corruption while processing audio effects. |
| Information disclosure in WLAN HAL while handling command through WMI interfaces. |
| Memory corruption while triggering commands in the PlayReady Trusted application. |
| Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests. |
| Memory corruption when user provides data for FM HCI command control operations. |
| Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP. |
| Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. |
| Memory corruption during management frame processing due to mismatch in T2LM info element. |
| Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size. |
| Memory corruption when the payload received from firmware is not as per the expected protocol size. |
| Memory corruption when multiple listeners are being registered with the same file descriptor. |
| Memory corruption when BTFM client sends new messages over Slimbus to ADSP. |
| Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. |
