Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.
Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.
Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
Transient DOS in WLAN Firmware while processing frames with missing header fields.
Memoru corruption in Audio when ADSP sends input during record use case.
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.
Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.
Memory corruption due to improper access control in kernel while processing a mapping request from root process.
Information disclosure in Kernel due to indirect branch misprediction.
Memory corruption in Linux Networking due to double free while handling a hyp-assign.
Transient DOS due to improper authorization in Modem
Memory corruption due to double free in Core while mapping HLOS address to the list.
Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
Transient DOS due to reachable assertion in Modem because of invalid network configuration.
information disclosure due to cryptographic issue in Core during RPMB read request.
Assertion occurs while processing Reconfiguration message due to improper validation
Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.
Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
Memory corruption in Graphics while importing a file.
Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported.
Transient DOS due to reachable assertion in Modem during OSI decode scheduling.
Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.
Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key.
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message.
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.
Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.
Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.
Memory corruption due to double free in core while initializing the encryption key.
Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.
Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.
Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.
Transient DOS in modem due to reachable assertion.
Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.
Memory corruption due to improper validation of array index in Multi-mode call processor.
Transient DOS due to reachable assertion in Modem while processing SIB1 Message.
Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover.
Memory corruption in WLAN due to use after free
Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
Memory corruption in modem due to buffer overflow while processing a PPP packet
Memory corruption in modem due to use of out of range pointer offset while processing qmi msg