Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.
Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.
Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.
Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.
Transient DOS when MAC configures a config ID greater than the supported maximum value.
Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, while processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur, resulting in a denial of service.
Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.
Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music.
Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
Transient DOS when processing target power rate tables during channel configuration.
Transient DOS when processing a received frame with an excessively large authentication information element.
Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.
Transient DOS when an LTE RLC packet with invalid TB is received by UE.
Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking.
Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music.
Improper access control when ACL link encryption fails and the ACL link is not disconnected during reconnection with a paired device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music.
Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.
Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.
Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output buffer.
Memory corruption while reading the FW response from the shared queue.
Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit.
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption when programming registers through virtual CDM.
Memory corruption while processing a message: when the buffer is controlled by a Guest VM, the value can be changed continuously.
Memory corruption due to stack-based buffer overflow in Core.
Memory corruption in Core due to stack-based buffer overflow.
Memory corruption in Core due to stack-based buffer overflow.
Memory corruption while configuring a Hypervisor based input virtual device.
Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile.
Out-of-bounds memory access during music playback with modified content due to copying data without checking destination buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.
Out-of-bounds issue in WLAN driver while processing vdev responses from firmware due to lack of validation of data received from firmware in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking.
Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking.
Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more data than expected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.
Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.
Memory corruption while processing IOCTL command when device is in power-save state.
Memory corruption due to stack-based buffer overflow in WLAN having invalid WNM frame length.
Memory corruption in modem due to stack-based buffer overflow while parsing OTASP Key Generation Request Message.
Memory corruption due to configuration weakness in modem while sending command to write-protected files.
Memory corruption due to stack-based buffer overflow in core while sending command from USB of large size.
Memory corruption in Linux while sending DRM request.
Information disclosure due to buffer over-read in WLAN during WLAN frame parsing due to a missing frame length check.
Information disclosure due to buffer over-read in WLAN while parsing BTM action frame.
Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute commands from peer device.
Memory corruption due to information exposure in Powerline Communication Firmware while sending different MMEs from a single, unassociated device.
Memory corruption in Automotive due to improper input validation.
Memory corruption may occur during communication between primary and guest VM.
Memory corruption while processing input message passed from FE driver.
Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine.