Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
Information disclosure may occur while processing goodbye RTCP packet from network.
Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
Memory corruption may occur while processing voice call registration with user.
Memory corruption may occur while attaching VM when the HLOS retains access to VM.
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.
Memory corruption while reading the FW response from the shared queue.
Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
Memory corruption during the FRS UDS generation process.
Memory corruption while triggering commands in the PlayReady Trusted application.
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
Memory corruption while reading secure file.
Memory corruption while sound model registration for voice activation with audio kernel driver.
Memory corruption may occur during IO configuration processing when the IO port count is invalid.
Memory corruption during concurrent access to server info object due to incorrect reference count update.
Memory corruption during concurrent access to server info object due to unprotected critical field.
Transient DOS may occur while parsing SSID in action frames.
Memory corruption while processing message content in eAVB.
Information disclosure may be there when a guest VM is connected.
Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.
Memory corruption may occur due top improper access control in HAB process.
Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards.
Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass.
Memory corruption while processing IOCTL calls to add route entry in the HW.
Memory corruption while accessing MSM channel map and mixer functions.
Memory corruption while invoking IOCTL map buffer request from userspace.
Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory.
Memory corruption while handling file descriptor during listener registration/de-registration.
Cryptographic issues while generating an asymmetric key pair for RKP use cases.
There may be information disclosure during memory re-allocation in TZ Secure OS.
Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP.
Memory corruption while calling the NPU driver APIs concurrently.
Memory corruption while processing input message passed from FE driver.
Transient DOS may occur while processing the country IE.
Memory corruption may occur while validating ports and channels in Audio driver.
Information disclosure may occur due to improper permission and access controls to Video Analytics engine.
Memory corruption while processing command in Glink linux.
Transient DOS during hypervisor virtual I/O operation in a virtual machine.
Information disclosure while deriving keys for a session for any Widevine use case.
Memory corruption while configuring a Hypervisor based input virtual device.
Memory corruption while parsing the memory map info in IOCTL calls.
Information disclosure while processing IO control commands.
Information disclosure during audio playback.
Information disclosure while processing information on firmware image during core initialization.
Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.
Memory corruption while invoking IOCTL calls to unmap the DMA buffers.
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,