Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.
Transient DOS while processing the CU information from RNR IE.
Transient DOS while parsing BTM ML IE when per STA profile is not included.
Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.
Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
Transient DOS when processing target power rate tables during channel configuration.
Transient DOS when processing a received frame with an excessively large authentication information element.
Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.
Transient DOS when MAC configures config id greater than supported maximum value.
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.
Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.
Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.
Possible memory corruption in the BT controller when it receives an oversized LMP packet over a 2-DH1 link, leading to denial of service in BlueCore.
Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Transient DOS when an LTE RLC packet with invalid TB is received by UE.
Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Improper access control when ACL link encryption fails and the ACL link is not disconnected during reconnection with a paired device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
Information disclosure while decoding the RTP packet headers received by UE from the network when the padding bit is set.
Transient DOS may occur while parsing extended IE in beacon.
Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
Information disclosure while processing the hash segment in an MBN file.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.
Information disclosure while decoding the RTP packet payload when UE receives the RTP packet from the network.
Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.
Transient DOS while processing received beacon frame.
Memory corruption while IOCTL call is invoked from user-space to read board data.
Information disclosure while reading data from an image using specified offset and size parameters.
Transient DOS while processing the EHT operation IE in the received beacon frame.
Transient DOS may occur while parsing SSID in action frames.
Information disclosure while opening a fastrpc session when domain is not sanitized.
Transient DOS may occur while processing malformed length field in SSID IEs.
Transient DOS may occur while parsing EHT operation IE or EHT capability IE.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.
While reading the file class type from the ELF header, a buffer over-read may happen if the ELF file size is less than the ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20.
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
Information disclosure due to buffer over-read in Modem while parsing DNS hostname.
Information disclosure due to buffer overread in Core
Information disclosure due to buffer overread in Core
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
Transient DOS due to buffer over-read in WLAN while sending a packet to device.
Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs.
Transient DOS due to buffer over-read in WLAN Host while parsing frame information.