Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
Transient DOS may occur while processing malformed length field in SSID IEs.
Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.
Transient DOS may occur while parsing SSID in action frames.
Transient DOS in Data Modem during DTLS handshake.
Transient DOS while parsing WPA IES, when it is passed with length more than expected size.
Transient DOS in WLAN Firmware while processing a FTMR frame.
Transient DOS in WLAN Firmware while parsing a NAN management frame.
Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver.
Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame.
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.
Transient DOS in WLAN Firmware while parsing t2lm buffers.
Transient DOS in WLAN Firmware while parsing a BTM request.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.
Transient DOS while processing received beacon frame.
Transient DOS may occur while parsing EHT operation IE or EHT capability IE.
Transient DOS while parsing per STA profile in ML IE.
Transient DOS may occur while parsing extended IE in beacon.
Transient DOS in Audio while remapping channel buffer in media codec decoding.
Transient DOS while processing the EHT operation IE in the received beacon frame.
Transient DOS in WLAN firmware while parsing MLO (multi-link operation).
Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.
Transient DOS in WLAN Firmware while parsing rsn ies.
Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.
Transient DOS in WLAN Firmware while parsing FT Information Elements.
Transient DOS while parsing WLAN beacon or probe-response frame.
Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.
Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Possible buffer over read due to improper validation of SIB type when processing a NR system Information message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Transient DOS in WLAN Firmware while processing frames with missing header fields.
Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Buffer over-read while processing NDL attribute if attribute length is larger than expected and then FW is treating it as more number of immutable schedules in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Buffer over-read while parsing RPS due to lack of check of input validation on values received from user side. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.
Transient DOS while processing the CU information from RNR IE.
Transient DOS while parsing probe response and assoc response frame.
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
Transient DOS while parsing BTM ML IE when per STA profile is not included.
Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
Transient DOS while parsing ESP IE from beacon/probe response frame.
Transient DOS while processing TID-to-link mapping IE elements.
Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.
Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.