Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
Transient DOS while parsing probe response and assoc response frame.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.
Possible buffer over read due to improper validation of SIB type when processing a NR system Information message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Transient DOS while parsing BTM ML IE when per STA profile is not included.
Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Transient DOS while processing the CU information from RNR IE.
Transient DOS while processing TID-to-link mapping IE elements.
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.
Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
Transient DOS while parsing the received TID-to-link mapping action frame.
Transient DOS while parsing ESP IE from beacon/probe response frame.
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.
Transient DOS while parsing ESP IE from beacon/probe response frame.
Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.
Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Transient DOS while parse fils IE with length equal to 1.
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.
Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.
While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device to shutdown in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130
Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.
Transient DOS in WLAN Firmware while processing a FTMR frame.
Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.
Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver.
Transient DOS in WLAN Firmware while parsing t2lm buffers.
Transient DOS in Audio while remapping channel buffer in media codec decoding.
Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
Transient DOS in WLAN Firmware while processing frames with missing header fields.
Transient DOS while parsing WLAN beacon or probe-response frame.
Transient DOS in WLAN Firmware while parsing FT Information Elements.
Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.
Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
Transient DOS during music playback of ALAC content.
Transient DOS due to buffer over-read in WLAN while sending a packet to device.
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.