| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Transient DOS when processing a NULL buffer while parsing WLAN vdev. |
| Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR. |
| Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16. |
| Transient DOS while parsing WPA IES, when it is passed with length more than expected size. |
| Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. |
| Transient DOS while processing DL NAS TRANSPORT message with payload length 0. |
| Transient DOS while processing PDU Release command with a parameter PDU ID out of range. |
| Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. |
| Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. |
| Memory corruption when user provides data for FM HCI command control operations. |
| Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. |
| Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. |
| Transient DOS while parsing probe response and assoc response frame. |
| Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls. |
| Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. |
| Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. |
