| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call. |
| Information disclosure may occur while processing goodbye RTCP packet from network. |
| Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length. |
| Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set. |
| Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. |
| Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
| Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music |
| Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
| memory corruption when an invalid firehose patch command is invoked. |
| Memory corruption while processing video packets received from video firmware. |
| information disclosure while invoking calibration data from user space to update firmware size. |
| Memory corruption may occur while processing voice call registration with user. |
| Memory corruption while processing commands from A2dp sink command queue. |
| Information disclosure while handling beacon or probe response frame in STA. |
| Memory corruption while processing finish_sign command to pass a rsp buffer. |
| Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. |
| Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. |
| Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame. |
| Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. |
| Memory corruption when multiple listeners are being registered with the same file descriptor. |
