| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Memory corruption during management frame processing due to mismatch in T2LM info element. |
| Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked. |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| Information disclosure while handling T2LM Action Frame in WLAN Host. |
| Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point. |
| Memory corruption when Alternative Frequency offset value is set to 255. |
| Memory corruption when user provides data for FM HCI command control operations. |
| Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. |
| Memory corruption while processing IOCTL call for getting group info. |
| Memory corruption in Audio while processing RT proxy port register driver. |
| Memory corruption in HLOS while checking for the storage type. |
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. |
| Information disclosure while parsing dts header atom in Video. |
| Memory corruption in Core Services while executing the command for removing a single event listener. |
| Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE. |
| Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Transient DOS may occur while processing the country IE. |