| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. |
| Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. |
| Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE. |
| Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame. |
| Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point. |
| Transient DOS while parse fils IE with length equal to 1. |
| Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager. |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. |
| Transient DOS while processing 11AZ RTT management action frame received through OTA. |
| Memory corruption in Core when updating rollback version for TA and OTA feature is enabled. |
| Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. |
| Information disclosure in Core services while processing a Diag command. |
| Memory corruption in HLOS while running playready use-case. |
| The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption. |
| Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range. |
| Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region. |
