| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Transient DOS while parsing WPA IES, when it is passed with length more than expected size. |
| Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. |
| Transient DOS while processing DL NAS TRANSPORT message with payload length 0. |
| Transient DOS while processing PDU Release command with a parameter PDU ID out of range. |
| Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. |
| Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. |
| Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. |
| Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. |
| Transient DOS while parsing probe response and assoc response frame. |
| While processing the authentication message in UE, improper authentication may lead to information disclosure. |
| Information disclosure while deriving keys for a session for any Widevine use case. |
| Transient DOS during hypervisor virtual I/O operation in a virtual machine. |
| Memory corruption while processing command in Glink linux. |
| Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. |
| Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. |
| Memory corruption during management frame processing due to mismatch in T2LM info element. |
