Wcn3980 Firmware
Monthly
Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. Rated high severity (CVSS 7.5). No vendor patch available.
Memory corruption while calling the NPU driver APIs concurrently. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS may occur while processing the country IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Memory corruption in display driver while detaching a device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Memory corruption may occur while validating ports and channels in Audio driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption while handling multuple IOCTL calls from userspace for remote invocation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while processing command in Glink linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS during hypervisor virtual I/O operation in a virtual machine. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while deriving keys for a session for any Widevine use case. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
While processing the authentication message in UE, improper authentication may lead to information disclosure. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption while processing IOCTL from user space to handle GPU AHB bus error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Information disclosure while parsing the OCI IE with invalid length. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption while power-up or power-down sequence of the camera sensor. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption while configuring a Hypervisor based input virtual device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while parsing the memory map info in IOCTL calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Information disclosure while processing IO control commands. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
Information disclosure during audio playback. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
Information disclosure while processing information on firmware image during core initialization. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.
Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. Rated high severity (CVSS 7.5). No vendor patch available.
Memory corruption while calling the NPU driver APIs concurrently. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS may occur while processing the country IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Memory corruption in display driver while detaching a device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Memory corruption may occur while validating ports and channels in Audio driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption while handling multuple IOCTL calls from userspace for remote invocation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while processing command in Glink linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS during hypervisor virtual I/O operation in a virtual machine. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while deriving keys for a session for any Widevine use case. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
While processing the authentication message in UE, improper authentication may lead to information disclosure. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption while processing IOCTL from user space to handle GPU AHB bus error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Information disclosure while parsing the OCI IE with invalid length. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption while power-up or power-down sequence of the camera sensor. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption while configuring a Hypervisor based input virtual device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while parsing the memory map info in IOCTL calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Information disclosure while processing IO control commands. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
Information disclosure during audio playback. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
Information disclosure while processing information on firmware image during core initialization. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.