32 known vulnerabilities · sorted by CVSS score
Memory corruption while parsing the ML IE due to invalid frame content.
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
Memory corruption during management frame processing due to mismatch in T2LM info element.
Information disclosure while parsing the OCI IE with invalid length.
Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.
Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).
Transient DOS may occur while parsing SSID in action frames.
Transient DOS while processing an ANQP message.
Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.
Transient DOS may occur while parsing EHT operation IE or EHT capability IE.
Transient DOS may occur while processing the country IE.
Transient DOS while processing a frame with malformed shared-key descriptor.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
Transient DOS while processing the CU information from RNR IE.
Transient DOS may occur while parsing extended IE in beacon.
Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.