| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. |
| Information disclosure while deriving keys for a session for any Widevine use case. |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| Transient DOS while processing received beacon frame. |
| Memory corruption while verifying the serialized header when the key pairs are generated. |
| Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. |
| Memory corruption in SPS Application while requesting for public key in sorter TA. |
| Memory corruption while processing finish_sign command to pass a rsp buffer. |
| Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests. |
| Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. |
| Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. |
| Memory corruption during management frame processing due to mismatch in T2LM info element. |
| Transient DOS while parsing per STA profile in ML IE. |
| Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host. |
| Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend. |
| Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image. |
| Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU. |
| Information disclosure while parsing the OCI IE with invalid length. |
| Memory corruption while power-up or power-down sequence of the camera sensor. |
| Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. |
