Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests.
Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.
Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.
Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.
Information disclosure due to buffer overread in Linux sensors
Information disclosure in Automotive multimedia due to buffer over-read.
Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device.
Transient DOS while parsing probe response and assoc response frame.
Information disclosure while processing information on firmware image during core initialization.
Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.
Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.
Information disclosure during audio playback.
Transient DOS while processing the CU information from RNR IE.
Information disclosure while processing IO control commands.
Transient DOS while parsing BTM ML IE when per STA profile is not included.
Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.
Transient DOS while handling PS event when Program Service name length offset value is set to 255.
Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.
Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process.
Memory corruption when the captureRead QDCM command is invoked from user-space.
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
Transient DOS while parsing ESP IE from beacon/probe response frame.
Transient DOS while parsing ESP IE from beacon/probe response frame.
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
Information disclosure while parsing the multiple MBSSID IEs from the beacon.
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.
Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
Transient DOS while processing TID-to-link mapping IE elements.
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
Transient DOS while loading the TA ELF file.
INformation disclosure while handling Multi-link IE in beacon frame.
Memory corruption while processing key blob passed by the user.
Transient DOS during music playback of ALAC content.
Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.
Information Disclosure while parsing beacon frame in STA.
Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Information disclosure while handling SA query action frame.
Possible buffer over-read issue in windows x86 wlan driver function while processing beacon or request frame due to lack of check of length of variable received. in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850
Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850