Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output buffer.
Memory corruption while IOCTL call is invoked from user-space to read board data.
Transient DOS may occur while parsing EHT operation IE or EHT capability IE.
Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.
Memory corruption occurs when handling client calls to EnableTestMode through an Escape call.
Memory corruption while processing escape code in API.
Memory corruption while processing multiple IOCTL calls from HLOS to DSP.
Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation.
Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards.
Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass.
Information disclosure while creating MQ channels.
Memory corruption while handling file descriptor during listener registration/de-registration.
Cryptographic issues while generating an asymmetric key pair for RKP use cases.
There may be information disclosure during memory re-allocation in TZ Secure OS.
Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP.
Memory corruption while calling the NPU driver APIs concurrently.
Transient DOS may occur while processing the country IE.
Memory corruption in display driver while detaching a device.
Memory corruption may occur while validating ports and channels in Audio driver.
Information disclosure may occur due to improper permission and access controls to Video Analytics engine.
Transient DOS during hypervisor virtual I/O operation in a virtual machine.
Information disclosure while deriving keys for a session for any Widevine use case.
While processing the authentication message in UE, improper authentication may lead to information disclosure.
Memory corruption during management frame processing due to mismatch in T2LM info element.
Information disclosure while parsing the OCI IE with invalid length.
Memory corruption while power-up or power-down sequence of the camera sensor.
Memory corruption can occur in the camera when an invalid CID is used.
Memory corruption may occour while generating test pattern due to negative indexing of display ID.
Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
Memory corruption while parsing the ML IE due to invalid frame content.
Memory corruption while handling IOCTL call from user-space to set latency level.
Memory corruption while taking a snapshot with hardware encoder due to unvalidated userspace buffer.
Memory corruption while configuring a Hypervisor based input virtual device.
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption when IOCTL call is invoked from user-space to read board data.
Memory corruption while processing IPA statistics, when there are no active clients registered.
Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information.
Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.
Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
Memory corruption during GNSS HAL process initialization.
Memory corruption while processing GPU page table switch.
Memory corruption while processing voice packet with arbitrary data received from ADSP.
Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.
Memory corruption while handling session errors from firmware.