| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption in WLAN HAL while passing command parameters through WMI interfaces. |
| Memory corruption in WLAN HAL while handling command streams through WMI interfaces. |
| Memory corruption in WLAN HAL while handling command through WMI interfaces. |
| Memory corruption while redirecting log file to any file location with any file name. |
| Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number. |
| Memory corruption in WLAN Host while processing RRM beacon on the AP. |
| Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon. |
| Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero. |
| Transient DOS while parsing fragments of MBSSID IE from beacon frame. |
| Memory corruption when allocating and accessing an entry in an SMEM partition. |
| Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. |
| Information Disclosure in WLAN Host when processing WMI event command. |
| Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command. |
| Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length. |
| Memory corruption due to improper access control in Qualcomm IPC. |
| Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload. |
| An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
| Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
| Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
| Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
