CVE ID | Published | Description | Score | Severity |
---|---|---|---|---|
Memory corruption when allocating and accessing an entry in an SMEM partition. | 7.8 |
HIGH |
||
Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image. | 7.8 |
HIGH |
||
Information disclosure while parsing sub-IE length during new IE generation. | 7.5 |
HIGH |
||
Transient DOS while loading the TA ELF file. | 7.1 |
HIGH |
||
Information disclosure while handling SA query action frame. | 7.5 |
HIGH |
||
INformation disclosure while handling Multi-link IE in beacon frame. | 7.5 |
HIGH |
||
Transient DOS while parse fils IE with length equal to 1. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame. | 7.5 |
HIGH |
||
Transient DOS while processing 11AZ RTT management action frame received through OTA. | 7.5 |
HIGH |
||
Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. | 7.5 |
HIGH |
||
Memory corruption in Core while processing control functions. | 9.3 |
CRITICAL |
||
Transient DOS while parsing WPA IES, when it is passed with length more than expected size. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware while processing a FTMR frame. | 7.5 |
HIGH |
||
Transient DOS when processing a NULL buffer while parsing WLAN vdev. | 7.5 |
HIGH |
||
Memory corruption when processing cmd parameters while parsing vdev. | 8.4 |
HIGH |
||
Memory corruption in WLAN Host while processing RRM beacon on the AP. | 9.8 |
CRITICAL |
||
Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. | 9.8 |
CRITICAL |
||
Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast. | 7.5 |
HIGH |
||
Memory corruption in Kernel while parsing metadata. | 8.4 |
HIGH |
||
Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids. | 7.5 |
HIGH |
||
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. | 6.5 |
MEDIUM |
||
Memory corruption while loading an ELF segment in TEE Kernel. | 8.8 |
HIGH |
||
Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware while parsing t2lm buffers. | 7.5 |
HIGH |
||
Transient DOS in WLAN Firmware while parsing no-inherit IES. | 7.5 |
HIGH |
||
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. | 9.8 |
CRITICAL |
||
Information Disclosure in WLAN Host when processing WMI event command. | 6.1 |
MEDIUM |
||
Memory Corruption in Core due to secure memory access by user while loading modem image. | 8.4 |
HIGH |