152 known vulnerabilities · sorted by CVSS score
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.
Memory corruption while redirecting log file to any file location with any file name.
Memory corruption while parsing the ML IE due to invalid frame content.
Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.
Memory corruption in WLAN Host while processing RRM beacon on the AP.
Memory corruption while processing MBSSID beacon containing several subelement IE.
Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.
Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE.
Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.
Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length.
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.
Memory corruption due to double free in core while initializing the encryption key.
Memory corruption in Core while processing control functions.
Memory corruption in Core Services while executing the command for removing a single event listener.
Memory corruption while processing a GP command response.
Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
Memory corruption in Kernel while parsing metadata.
Memory corruption in core due to stack-based buffer overflow