Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.
Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).
Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
Transient DOS during music playback of ALAC content.
Transient DOS while processing power control requests with invalid antenna or stream values.
Transient DOS while parsing video packets received from the video firmware.
Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing.
Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.
Memory corruption due to global buffer overflow when a test command uses an invalid payload type.
Transient DOS while parsing the EPTM test control message to get the test pattern.
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.
Transient DOS when processing a received frame with an excessively large authentication information element.
Information disclosure while parsing dts header atom in Video.
Information Disclosure while parsing beacon frame in STA.
INformation disclosure while handling Multi-link IE in beacon frame.
Transient DOS while loading the TA ELF file.
Memory corruption while processing key blob passed by the user.
Information disclosure while handling SA query action frame.
Information disclosure while handling beacon probe frame during scan entry generation in client side.
Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.
Information disclosure while handling beacon or probe response frame in STA.
Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
Transient DOS while handling command data during power control processing.
Transient DOS in Data Modem during DTLS handshake.
Transient DOS while processing a frame with malformed shared-key descriptor.
Transient DOS while handling beacon frames with invalid IE header length.
Memory corruption while processing an IOCTL command with an arbitrary address.
Transient DOS while processing IOCTL call for image encoding.
Memory corruption during the image encoding process.
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
Transient DOS while processing video packets received from video firmware.
Transient DOS may occur while processing malformed length field in SSID IEs.
Transient DOS while processing the EHT operation IE in the received beacon frame.
Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
Transient DOS may occur while parsing EHT operation IE or EHT capability IE.
Transient DOS while parsing per STA profile in ML IE.
Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.
Transient DOS while processing received beacon frame.
Transient DOS may occur while parsing SSID in action frames.
Transient DOS may occur while parsing extended IE in beacon.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.
Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.
Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.
In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.