| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Transient DOS while parsing probe response and assoc response frame. |
| Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. |
| Transient DOS while parse fils IE with length equal to 1. |
| Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network. |
| Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point. |
| Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. |
| Memory corruption while loading an ELF segment in TEE Kernel. |
| Transient DOS in Audio when invoking callback function of ASM driver. |
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. |
| Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
| Memory corruption while using the UIM diag command to get the operators name. |
| Memory corruption when multiple listeners are being registered with the same file descriptor. |
| Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length. |
| Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE. |
| Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. |
| Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP. |
| Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. |
