Transient DOS may occur while parsing EHT operation IE or EHT capability IE.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.
Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Denial of service in modem due to null pointer dereference while processing DNS packets
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.
Denial of service in modem due to missing null check while processing IP packets with padding
Denial of service in Modem due to reachable assertion while processing SIB1 with invalid SCS and bandwidth settings in Snapdragon Mobile
Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music
Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Denial of service in Modem due to reachable assertion in Snapdragon Mobile
Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.
Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile
Transient DOS while processing CCCH data when NW sends data with invalid length.
Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Denial of service due to memory corruption while extracting ape header from clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Assertion occurs while processing Reconfiguration message due to improper validation
Error occurs While extracting the ipv6_header having an invalid length due to lack of length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8096AU, MDM9205, MDM9206, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
Transient DOS while processing PDU Release command with a parameter PDU ID out of range.
Null-pointer dereference can occur while accessing the segment element info when it is not allocated and assigned in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Transient DOS in WLAN Firmware while parsing rsn ies.
When FW tries to get random mac address generated from new SW RNG and ADC values read are constant then DUT get struck in loop while trying to get random ADC samples in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52
Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.
Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.
Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.
Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver.
Transient DOS in WLAN firmware while parsing MLO (multi-link operation).
Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.
Transient DOS in Modem when a Beam switch request is made with a non-configured BWP.
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.
Transient DOS while parsing WPA IES, when it is passed with length more than expected size.
Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding.
Transient DOS in WLAN Firmware while processing frames with missing header fields.
Transient DOS may occur while processing the country IE.
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
Transient DOS while parsing probe response and assoc response frame.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.
Transient DOS while processing the CU information from RNR IE.
Transient DOS while parsing BTM ML IE when per STA profile is not included.
Transient DOS due to improper input validation in WLAN Host.
Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.
Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network.
Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non qos state.
Transient DOS due to improper authorization in Modem
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported.