Memory corruption while parsing beacon/probe response frame when AP sends more supported links in...
9.8CVSS
7.6AI Score
0.001EPSS
Memory corruption while processing a QMI request for allocating memory from a DHMS supported...
7.8CVSS
7.7AI Score
0.0004EPSS
Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics...
8.4CVSS
7.6AI Score
0.0004EPSS
Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in...
7.5CVSS
7.4AI Score
0.0005EPSS
Memory corruption in Data Modem while verifying hello-verify message during the DTLS...
9.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement...
7.5CVSS
7.5AI Score
0.0005EPSS
The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to...
7CVSS
6.9AI Score
0.0004EPSS
7.8CVSS
7.4AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
Memory corruption in Modem while processing security related configuration before AS Security...
9.8CVSS
8.4AI Score
0.001EPSS
9.8CVSS
7.4AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.0004EPSS
7.8CVSS
7.7AI Score
0.0004EPSS
7.5CVSS
7.6AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption in Trusted Execution Environment while calling service API with invalid...
7.8CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.001EPSS
Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI...
5.5CVSS
5.5AI Score
0.0004EPSS
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID...
7.8CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
7.5CVSS
7.5AI Score
0.001EPSS
Transient DOS due to improper input validation in WLAN Host while parsing frame during...
7.5CVSS
7.5AI Score
0.001EPSS
7.8CVSS
8AI Score
0.0004EPSS
Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed...
7.5CVSS
7.4AI Score
0.001EPSS
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from...
6.8CVSS
6.8AI Score
0.001EPSS
Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video...
7.8CVSS
8AI Score
0.0004EPSS
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request...
7.8CVSS
8AI Score
0.001EPSS
Memory corruption due to use after free in Core when multiple DCI clients register and...
7.8CVSS
8AI Score
0.0004EPSS
Information disclosure due to buffer over-read in modem while reading configuration...
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
Memory corruption due to configuration weakness in modem wile sending command to write protected...
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered...
7.8CVSS
7.9AI Score
0.0004EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the...
9.8CVSS
9.6AI Score
0.001EPSS
Denial of service in modem due to missing null check while processing TCP or UDP packets from...
7.5CVSS
7.5AI Score
0.001EPSS
Information disclosure in modem due to improper check of IP type while processing DNS server...
7.5CVSS
7.4AI Score
0.001EPSS
Transient DOS while processing 11AZ RTT management action frame received through...
7.5CVSS
7.2AI Score
0.0005EPSS
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon...
7.5CVSS
7.2AI Score
0.0005EPSS
Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo...
9.8CVSS
7.4AI Score
0.001EPSS
Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping...
9.8CVSS
7.4AI Score
0.001EPSS
Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem...
7.8CVSS
7.7AI Score
0.0004EPSS
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring...
7.8CVSS
7.3AI Score
0.0004EPSS
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same...
7.8CVSS
7.9AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS