| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Transient DOS while parsing per STA profile in ML IE. |
| Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. |
| Memory corruption while operating the mailbox in Automotive. |
| Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. |
| Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. |
| Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host. |
| Memory corruption while decoding of OTA messages from T3448 IE. |
| Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE. |
| Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image. |
| Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU. |
| Information disclosure while parsing the OCI IE with invalid length. |
| Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. |
| Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present. |
| Memory corruption when allocating and accessing an entry in an SMEM partition continuously. |
| Memory corruption while Configuring the SMR/S2CR register in Bypass mode. |
| Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon. |
| Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length. |
| Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero. |
| Transient DOS while parsing fragments of MBSSID IE from beacon frame. |
| Memory corruption during session sign renewal request calls in HLOS. |
