CVE ID | Publié | Description | Score | Gravité |
---|---|---|---|---|
Transient DOS may occur while processing the country IE. | 7.5 |
Haute |
||
Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality. | 7.8 |
Haute |
||
Memory corruption during management frame processing due to mismatch in T2LM info element. | 9.8 |
Critique |
||
Information disclosure while parsing the OCI IE with invalid length. | 8.2 |
Haute |
||
Memory corruption while handling IOCTL call from user-space to set latency level. | 7.8 |
Haute |
||
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. | 7.5 |
Haute |
||
Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call. | 7.8 |
Haute |
||
Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality. | 7.8 |
Haute |
||
Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space. | 7.8 |
Haute |
||
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. | 7.8 |
Haute |
||
Memory corruption when IOCTL call is invoked from user-space to read board data. | 7.8 |
Haute |
||
Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information. | 7.8 |
Haute |
||
Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver. | 7.8 |
Haute |
||
Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver. | 7.8 |
Haute |
||
Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice. | 7.8 |
Haute |
||
Memory corruption while station LL statistic handling. | 7.8 |
Haute |
||
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. | 9.1 |
Critique |
||
Transient DOS while processing the CU information from RNR IE. | 7.5 |
Haute |
||
Transient DOS while parsing BTM ML IE when per STA profile is not included. | 7.5 |
Haute |
||
Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. | 8.2 |
Haute |
||
Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. | 7.5 |
Haute |
||
Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. | 7.5 |
Haute |
||
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. | 7.5 |
Haute |
||
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. | 7.5 |
Haute |
||
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. | 7.5 |
Haute |
||
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. | 7.5 |
Haute |
||
Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp. | 7.5 |
Haute |
||
Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. | 7.5 |
Haute |
||
Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length. | 7.5 |
Haute |
||
Transient DOS while processing TID-to-link mapping IE elements. | 7.5 |
Haute |
||
Transient DOS while parsing the received TID-to-link mapping action frame. | 7.5 |
Haute |
||
Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame. | 7.5 |
Haute |
||
Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report. | 7.5 |
Haute |
||
Transient DOS while parsing ESP IE from beacon/probe response frame. | 7.5 |
Haute |
||
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length. | 7.5 |
Haute |
||
Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon. | 7.5 |
Haute |
||
Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero. | 7.5 |
Haute |
||
Transient DOS while parsing fragments of MBSSID IE from beacon frame. | 7.5 |
Haute |
||
Information disclosure while handling beacon probe frame during scan entry generation in client side. | 7.5 |
Haute |
||
Information disclosure while handling beacon or probe response frame in STA. | 7.5 |
Haute |
||
Information disclosure while parsing sub-IE length during new IE generation. | 7.5 |
Haute |
||
Information disclosure while handling SA query action frame. | 7.5 |
Haute |
||
INformation disclosure while handling Multi-link IE in beacon frame. | 7.5 |
Haute |
||
Information Disclosure while parsing beacon frame in STA. | 9.1 |
Critique |
||
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame. | 7.5 |
Haute |
||
Memory corruption when more scan frequency list or channels are sent from the user space. | 7.8 |
Haute |
||
Information disclosure while handling T2LM Action Frame in WLAN Host. | 7.5 |
Haute |
||
Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame. | 7.5 |
Haute |
||
Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE. | 9.8 |
Critique |
||
Memory corruption while processing MBSSID beacon containing several subelement IE. | 9.8 |
Critique |
||
Memory corruption while processing TPC target power table in FTM TPC. | 8.4 |
Haute |
||
Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame. | 7.5 |
Haute |
||
Transient DOS while parse fils IE with length equal to 1. | 7.5 |
Haute |
||
Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point. | 9.8 |
Critique |
||
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame. | 7.5 |
Haute |
||
Transient DOS while processing 11AZ RTT management action frame received through OTA. | 7.5 |
Haute |
||
Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. | 7.5 |
Haute |
||
Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE. | 9.8 |
Critique |
||
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. | 7.5 |
Haute |
||
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. | 7.5 |
Haute |
||
Transient DOS in WLAN Firmware while parsing a BTM request. | 7.5 |
Haute |
||
Transient DOS while parsing WPA IES, when it is passed with length more than expected size. | 7.5 |
Haute |
||
Transient DOS in WLAN Firmware while processing a FTMR frame. | 7.5 |
Haute |
||
Transient DOS when processing a NULL buffer while parsing WLAN vdev. | 7.5 |
Haute |
||
Memory corruption when processing cmd parameters while parsing vdev. | 8.4 |
Haute |
||
Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast. | 7.5 |
Haute |
||
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. | 7.5 |
Haute |
||
Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids. | 7.5 |
Haute |
||
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. | 7.8 |
Haute |
||
Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame. | 7.5 |
Haute |
||
Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE. | 7.5 |
Haute |
||
Transient DOS in WLAN Firmware while parsing t2lm buffers. | 7.5 |
Haute |
||
Transient DOS in WLAN Firmware while parsing no-inherit IES. | 7.5 |
Haute |
||
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. | 9.8 |
Critique |
||
Memory corruption in WLAN HOST while processing the WLAN scan descriptor list. | 8.8 |
Haute |
||
Information Disclosure in WLAN Host when processing WMI event command. | 6.1 |
Moyen |
||
Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. | 9.8 |
Critique |
||
Transient DOS in WLAN Firmware while parsing rsn ies. | 7.5 |
Haute |
||
Transient DOS in WLAN Firmware while parsing a NAN management frame. | 7.5 |
Haute |
||
Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. | 6.1 |
Moyen |
||
Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. | 7.8 |
Haute |
||
Transient DOS while parsing WLAN beacon or probe-response frame. | 7.5 |
Haute |
||
Transient DOS in WLAN Firmware while parsing FT Information Elements. | 7.5 |
Haute |
||
Transient DOS in WLAN Firmware while processing frames with missing header fields. | 7.5 |
Haute |
||
Transient DOS in WLAN Firmware while processing the received beacon or probe response frame. | 7.5 |
Haute |
||
Memory corruption in WLAN HOST while receiving an WMI event from firmware. | 7.8 |
Haute |