CVE ID | Published | Description | Score | Severity |
---|---|---|---|---|
Memory corruption when allocating and accessing an entry in an SMEM partition. | 7.8 |
HIGH |
||
Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image. | 7.8 |
HIGH |
||
Transient DOS while loading the TA ELF file. | 7.1 |
HIGH |
||
Information disclosure while handling SA query action frame. | 7.5 |
HIGH |
||
INformation disclosure while handling Multi-link IE in beacon frame. | 7.5 |
HIGH |
||
Transient DOS while processing 11AZ RTT management action frame received through OTA. | 7.5 |
HIGH |
||
Memory corruption in Core while processing control functions. | 9.3 |
CRITICAL |
||
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. | 7.5 |
HIGH |
||
Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver. | 7.5 |
HIGH |
||
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware while parsing a BTM request. | 7.5 |
HIGH |
||
Transient DOS while parsing WPA IES, when it is passed with length more than expected size. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware while processing a FTMR frame. | 7.5 |
HIGH |
||
Transient DOS when processing a NULL buffer while parsing WLAN vdev. | 7.5 |
HIGH |
||
Memory corruption when processing cmd parameters while parsing vdev. | 8.4 |
HIGH |
||
Memory corruption in WLAN Host while processing RRM beacon on the AP. | 9.8 |
CRITICAL |
||
Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. | 9.8 |
CRITICAL |
||
Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast. | 7.5 |
HIGH |
||
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. | 7.5 |
HIGH |
||
Memory corruption in Kernel while parsing metadata. | 8.4 |
HIGH |
||
Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids. | 7.5 |
HIGH |
||
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. | 6.5 |
MEDIUM |
||
Memory corruption while loading an ELF segment in TEE Kernel. | 8.8 |
HIGH |
||
Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware while parsing t2lm buffers. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware while parsing no-inherit IES. | 7.5 |
HIGH |
||
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. | 9.8 |
CRITICAL |
||
Information Disclosure in WLAN Host when processing WMI event command. | 6.1 |
MEDIUM |
||
Memory Corruption in Core due to secure memory access by user while loading modem image. | 8.4 |
HIGH |
||
Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. | 9.8 |
CRITICAL |
||
Transient DOS in WLAN Firmware while parsing rsn ies. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware while parsing a NAN management frame. | 7.5 |
HIGH |
||
Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. | 7.8 |
HIGH |
||
Memory Corruption in Core Platform while printing the response buffer in log. | 7.8 |
HIGH |
||
Memory corruption in Core Platform while printing the response buffer in log. | 7.8 |
HIGH |
||
Memory Corruption in Data Modem while processing DMA buffer release event about CFR data. | 7.8 |
HIGH |
||
Memory Corruption in WLAN HOST while parsing QMI response message from firmware. | 7.8 |
HIGH |
||
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. | 7.8 |
HIGH |
||
Transient DOS due to buffer over-read in WLAN while sending a packet to device. | 7.5 |
HIGH |
||
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message. | 8.4 |
HIGH |
||
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase. | 8.4 |
HIGH |
||
Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM. | 7.5 |
HIGH |
||
Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes. | 7.5 |
HIGH |