23 known vulnerabilities · sorted by CVSS score
Memory corruption while redirecting log file to any file location with any file name.
Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.
Memory corruption while processing MBSSID beacon containing several subelement IE.
Memory corruption while parsing the ML IE due to invalid frame content.
Memory corruption in Core Services while executing the command for removing a single event listener.
Memory corruption while processing TPC target power table in FTM TPC.
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
Memory corruption during management frame processing due to mismatch in T2LM info element.
Memory corruption while processing video packets received from video firmware.
Memory corruption while processing manipulated payload in video firmware.
Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
Memory corruption while processing command in Glink linux.
Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.
Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.