Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.
Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
Transient DOS when processing target power rate tables during channel configuration.
Transient DOS when processing a received frame with an excessively large authentication information element.
Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.
Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.
Transient DOS when MAC configures config id greater than supported maximum value.
Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.
Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.
Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service in BlueCore
Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.
Transient DOS when an LTE RLC packet with invalid TB is received by UE.
Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Improper Access Control when ACL link encryption is failed and ACL link is not disconnected during reconnection with paired device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.
Transient DOS may occur while parsing extended IE in beacon.
Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.
Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.
Transient DOS while processing received beacon frame.
Transient DOS while processing the EHT operation IE in the received beacon frame.
Transient DOS may occur while parsing SSID in action frames.
Information disclosure while opening a fastrpc session when domain is not sanitized.
Transient DOS may occur while processing malformed length field in SSID IEs.
Transient DOS may occur while parsing EHT operation IE or EHT capability IE.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
Information disclosure due to buffer over-read in Modem while parsing DNS hostname.
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
Transient DOS due to buffer over-read in WLAN while sending a packet to device.
Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs.
Transient DOS due to buffer over-read in WLAN Host while parsing frame information.
Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.
Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header.
Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests.
Information disclosure due to buffer over-read in WLAN while parsing NMF frame.
Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.
Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.
Information disclosure due to buffer overread in Linux sensors
Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.
Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.
Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.
Information disclosure due to buffer over-read while parsing DNS response packets in Modem.
Memory corruption due to global buffer overflow when a test command uses an invalid payload type.
Information disclosure may occur while decoding the RTP packet with invalid header extension from network.