Yocto
Monthly
In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.. [CVSS 7.5 HIGH]
Device unique identifiers in the preloader of Openwrt, Android, Yocto, RDK-B, and Zephyr can be read by attackers with physical access due to a logic error, leading to local information disclosure without requiring additional privileges or user interaction. This vulnerability affects multiple embedded and IoT platforms where the preloader executes before operating system initialization. No patch is currently available for this issue.
In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833.
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In preloader, there is a possible escalation of privilege due to an insecure default value. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In monitor_hang, there is a possible memory corruption due to use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.
In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan STA driver, there is a possible reachable assertion due to improper exception handling. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In wlan STA FW, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan STA driver, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In da, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In wlan, there is a possible denial of service due to incorrect error handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In power, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In power, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In gnss service, there is a possible escalation of privilege due to improper certificate validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In imgsys, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 6.3). No vendor patch available.
In gnss, there is a possible escalation of privilege due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
In flashc, there is a possible out of bounds write due to an uncaught exception. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In flashc, there is a possible system crash due to an uncaught exception. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In wlan firmware, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In flashc, there is a possible out of bounds write due to lack of valudation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In lk, there is a possible escalation of privilege due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In aee, there is a possible escalation of privilege due to a missing permission check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In apusys, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In wlan firmware, there is a possible firmware assertion due to improper input handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In gnss service, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In connectivity system driver, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In bluetooth driver, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In wlan service, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In wlan driver, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible out of bounds read due to a race condition. Rated medium severity (CVSS 4.0). No vendor patch available.
In camsys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In nvram, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible memory corruption due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible memory corruption due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In imgsys, there is a possible system crash due to a mssing ptr check. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In power, there is a possible memory corruption due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In nvram, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In vcu, there is a possible memory corruption due to type confusion. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In vcu, there is a possible out of bounds write due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In vcu, there is a possible out of bounds write due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In vcu, there is a possible use after free due to a logic error. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.. [CVSS 7.5 HIGH]
Device unique identifiers in the preloader of Openwrt, Android, Yocto, RDK-B, and Zephyr can be read by attackers with physical access due to a logic error, leading to local information disclosure without requiring additional privileges or user interaction. This vulnerability affects multiple embedded and IoT platforms where the preloader executes before operating system initialization. No patch is currently available for this issue.
In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833.
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In preloader, there is a possible escalation of privilege due to an insecure default value. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In monitor_hang, there is a possible memory corruption due to use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.
In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan STA driver, there is a possible reachable assertion due to improper exception handling. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In wlan STA FW, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan STA driver, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In da, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In wlan, there is a possible denial of service due to incorrect error handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In power, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In power, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In gnss service, there is a possible escalation of privilege due to improper certificate validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In imgsys, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 6.3). No vendor patch available.
In gnss, there is a possible escalation of privilege due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
In flashc, there is a possible out of bounds write due to an uncaught exception. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In flashc, there is a possible system crash due to an uncaught exception. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In wlan firmware, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In flashc, there is a possible out of bounds write due to lack of valudation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In lk, there is a possible escalation of privilege due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In aee, there is a possible escalation of privilege due to a missing permission check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In apusys, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In wlan firmware, there is a possible firmware assertion due to improper input handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In gnss service, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In connectivity system driver, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In bluetooth driver, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In wlan service, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In wlan driver, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible out of bounds read due to a race condition. Rated medium severity (CVSS 4.0). No vendor patch available.
In camsys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In nvram, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible memory corruption due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible memory corruption due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In imgsys, there is a possible system crash due to a mssing ptr check. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In power, there is a possible memory corruption due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In nvram, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In vcu, there is a possible memory corruption due to type confusion. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In vcu, there is a possible out of bounds write due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In vcu, there is a possible out of bounds write due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In vcu, there is a possible use after free due to a logic error. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.