Qualcomm QCN9100 Firmware

Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.

Published: 2026-04-06T15:33:46.114Z
Updated: 2026-04-06T16:22:15.658Z

Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.

Published: 2026-05-04T16:43:08.911Z
Updated: 2026-05-04T17:17:18.716Z

Memory corruption while deinitializing a HDCP session.

Published: 2026-01-06T22:48:36.574Z
Updated: 2026-01-07T16:16:14.715Z

Information disclosure while processing a firmware event.

Published: 2026-01-06T22:48:29.721Z
Updated: 2026-01-07T16:16:53.290Z

Transient DOS while handling command data during power control processing.

Published: 2025-09-24T15:33:52.473Z
Updated: 2025-09-25T18:34:13.643Z

Transient DOS while parsing the EPTM test control message to get the test pattern.

Published: 2025-09-24T15:33:51.163Z
Updated: 2025-09-24T17:28:16.793Z

Memory corruption while processing a GP command response.

Published: 2025-11-04T03:19:13.447Z
Updated: 2026-02-26T17:47:31.803Z

Transient DOS while creating NDP instance.

Published: 2025-08-06T07:26:09.724Z
Updated: 2025-08-06T13:33:47.104Z

Transient DOS while processing an ANQP message.

Published: 2025-08-06T07:26:03.160Z
Updated: 2025-08-06T13:36:36.865Z

Memory corruption while performing SCM call with malformed inputs.

Published: 2025-10-09T03:18:06.050Z
Updated: 2026-02-26T17:48:06.737Z

Memory corruption while performing SCM call.

Published: 2025-10-09T03:18:04.840Z
Updated: 2026-02-26T17:48:07.360Z

Transient DOS while handling beacon frames with invalid IE header length.

Published: 2025-07-08T12:49:18.686Z
Updated: 2025-07-08T13:15:58.087Z

Information disclosure may occur while processing the hypervisor log.

Published: 2025-10-09T03:17:54.304Z
Updated: 2025-10-09T14:33:13.151Z

Transient DOS while processing the EHT operation IE in the received beacon frame.

Published: 2025-06-03T05:52:58.605Z
Updated: 2025-06-03T15:10:22.762Z

Transient DOS may occur while parsing SSID in action frames.

Published: 2025-04-07T10:16:15.565Z
Updated: 2025-04-07T14:03:06.045Z

Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.

Published: 2025-07-08T12:48:57.211Z
Updated: 2025-07-08T14:44:26.389Z

Transient DOS may occur while parsing extended IE in beacon.

Published: 2025-04-07T10:16:02.146Z
Updated: 2025-04-07T14:37:48.732Z

Memory corruption during management frame processing due to mismatch in T2LM info element.

Published: 2025-02-03T16:51:39.200Z
Updated: 2025-02-03T17:31:49.479Z

Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.

Published: 2025-02-03T16:51:28.301Z
Updated: 2025-02-12T20:51:23.877Z

Memory corruption while parsing the ML IE due to invalid frame content.

Published: 2025-02-03T16:51:27.070Z
Updated: 2026-02-26T19:09:25.517Z

Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.

Published: 2025-01-06T10:33:31.971Z
Updated: 2025-01-06T14:18:34.320Z

Memory corruption while processing command in Glink linux.

Published: 2025-03-03T10:07:24.713Z
Updated: 2025-03-03T13:11:53.199Z

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Published: 2024-11-04T10:04:50.376Z
Updated: 2024-11-04T14:56:33.847Z

Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

Published: 2024-10-07T12:58:57.145Z
Updated: 2024-10-07T13:11:28.250Z

Memory corruption while redirecting log file to any file location with any file name.

Published: 2024-10-07T12:58:53.271Z
Updated: 2024-10-07T13:14:18.810Z

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

Published: 2024-09-02T10:22:44.952Z
Updated: 2024-09-03T13:23:06.795Z

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

Published: 2024-09-02T10:22:40.544Z
Updated: 2024-09-03T13:52:53.129Z

Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.

Published: 2024-10-07T12:58:50.372Z
Updated: 2024-10-07T13:21:17.867Z

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

Published: 2024-09-02T10:22:39.387Z
Updated: 2024-09-03T13:53:56.238Z

Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.

Published: 2024-08-05T14:21:46.685Z
Updated: 2024-08-05T15:05:33.155Z

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

Published: 2024-08-05T14:21:45.607Z
Updated: 2024-08-05T15:20:21.121Z

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.

Published: 2024-08-05T14:21:44.499Z
Updated: 2024-08-05T15:21:21.294Z

Transient DOS while parsing the received TID-to-link mapping action frame.

Published: 2024-08-05T14:21:39.275Z
Updated: 2024-08-05T15:29:54.891Z

Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.

Published: 2024-08-05T14:21:38.166Z
Updated: 2024-08-05T15:31:33.271Z

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.

Published: 2024-08-05T14:21:37.096Z
Updated: 2024-08-05T15:31:59.436Z

Transient DOS while parsing ESP IE from beacon/probe response frame.

Published: 2024-08-05T14:21:35.794Z
Updated: 2024-08-05T15:33:16.626Z

Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.

Published: 2024-08-05T14:21:34.386Z
Updated: 2024-08-05T15:34:18.185Z

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.

Published: 2024-08-05T14:21:33.219Z
Updated: 2024-08-05T15:35:49.399Z

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.

Published: 2024-08-05T14:21:31.845Z
Updated: 2024-08-05T15:38:17.772Z

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Published: 2024-08-05T14:21:30.704Z
Updated: 2024-08-05T15:38:42.755Z

Memory corruption when allocating and accessing an entry in an SMEM partition.

Published: 2024-07-01T14:17:17.981Z
Updated: 2024-08-01T23:06:24.626Z

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.

Published: 2024-06-03T10:05:27.911Z
Updated: 2024-08-01T23:06:24.256Z

Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image.

Published: 2024-07-01T14:17:16.594Z
Updated: 2024-08-01T22:20:40.623Z

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

Published: 2024-05-06T14:32:18.401Z
Updated: 2024-08-01T22:20:40.972Z

Memory corruption while redirecting log file to any file location with any file name.

Published: 2024-04-01T15:06:09.698Z
Updated: 2024-08-01T22:20:40.649Z

Information disclosure while handling beacon probe frame during scan entry generation in client side.

Published: 2024-08-05T14:21:15.424Z
Updated: 2024-08-05T15:10:33.597Z

Information disclosure while handling beacon or probe response frame in STA.

Published: 2024-08-05T14:21:14.295Z
Updated: 2024-08-05T15:08:59.385Z

Information disclosure while handling SA query action frame.

Published: 2024-07-01T14:17:06.770Z
Updated: 2024-08-01T22:20:40.616Z

INformation disclosure while handling Multi-link IE in beacon frame.

Published: 2024-07-01T14:17:05.569Z
Updated: 2024-08-01T22:20:40.823Z

Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.

Published: 2024-03-04T10:48:59.001Z
Updated: 2024-08-02T19:44:43.819Z

Memory corruption while processing MBSSID beacon containing several subelement IE.

Published: 2024-03-04T10:48:57.598Z
Updated: 2024-08-02T19:44:43.808Z

Memory corruption while processing TPC target power table in FTM TPC.

Published: 2024-03-04T10:48:54.886Z
Updated: 2024-08-12T18:20:07.549Z

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.

Published: 2024-03-04T10:48:46.612Z
Updated: 2024-08-12T18:20:32.754Z

Information disclosure while handling T2LM Action Frame in WLAN Host.

Published: 2024-06-03T10:05:12.949Z
Updated: 2024-08-02T19:44:43.656Z

Transient DOS while processing 11AZ RTT management action frame received through OTA.

Published: 2024-02-06T05:47:25.823Z
Updated: 2025-06-17T21:29:26.384Z

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

Published: 2024-02-06T05:47:24.174Z
Updated: 2024-08-21T20:34:17.830Z

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

Published: 2024-01-02T05:38:53.528Z
Updated: 2025-06-16T19:53:38.503Z

Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver.

Published: 2024-01-02T05:38:48.059Z
Updated: 2025-06-17T19:55:15.386Z

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

Published: 2024-01-02T05:38:41.562Z
Updated: 2025-06-16T18:35:57.084Z

Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.

Published: 2024-03-04T10:48:45.127Z
Updated: 2024-08-26T20:48:58.369Z

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

Published: 2023-12-05T03:04:26.582Z
Updated: 2024-08-02T15:32:46.683Z

Transient DOS in WLAN Firmware while processing a FTMR frame.

Published: 2023-12-05T03:04:25.294Z
Updated: 2024-08-02T15:32:46.643Z

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

Published: 2023-12-05T03:04:23.127Z
Updated: 2024-08-02T15:32:47.014Z

Memory corruption when processing cmd parameters while parsing vdev.

Published: 2023-12-05T03:04:21.594Z
Updated: 2024-08-02T15:32:46.624Z

Memory corruption in WLAN Host while processing RRM beacon on the AP.

Published: 2023-12-05T03:04:19.198Z
Updated: 2024-12-02T17:09:59.561Z

Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE.

Published: 2023-12-05T03:04:18.133Z
Updated: 2026-02-25T16:51:07.770Z

Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.

Published: 2023-12-05T03:04:16.996Z
Updated: 2024-08-02T15:32:46.729Z

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

Published: 2023-12-05T03:04:15.707Z
Updated: 2024-10-10T19:36:42.225Z

Memory corruption in DSP Services during a remote call from HLOS to DSP.

Published: 2023-12-05T03:04:10.949Z
Updated: 2025-10-21T23:05:31.211Z

Transient DOS in WLAN Firmware while parsing a BTM request.

Published: 2024-01-02T05:38:36.201Z
Updated: 2025-06-17T20:19:53.666Z

Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame.

Published: 2023-11-07T05:26:55.389Z
Updated: 2024-08-02T15:32:46.694Z

Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE.

Published: 2023-11-07T05:26:52.887Z
Updated: 2024-08-02T15:32:46.617Z

Memory corruption in Kernel while parsing metadata.

Published: 2023-12-05T03:04:08.622Z
Updated: 2024-12-02T17:10:40.389Z

Transient DOS in WLAN Firmware while parsing t2lm buffers.

Published: 2023-11-07T05:26:49.815Z
Updated: 2024-08-02T15:32:46.635Z

Transient DOS in WLAN Firmware while parsing no-inherit IES.

Published: 2023-11-07T05:26:48.751Z
Updated: 2024-08-02T15:32:46.561Z

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.

Published: 2023-11-07T05:26:47.720Z
Updated: 2024-08-02T15:32:46.585Z

Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.

Published: 2023-12-05T03:04:04.387Z
Updated: 2024-08-02T15:32:46.553Z

Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.

Published: 2023-10-03T05:00:41.521Z
Updated: 2025-02-27T20:47:35.999Z

Transient DOS in WLAN Firmware while parsing rsn ies.

Published: 2023-10-03T05:00:40.127Z
Updated: 2024-08-02T15:32:46.565Z

Transient DOS in WLAN Firmware while parsing a NAN management frame.

Published: 2023-10-03T05:00:38.775Z
Updated: 2024-08-02T15:32:46.632Z

Transient DOS in WLAN firmware while parsing MLO (multi-link operation).

Published: 2023-09-05T06:24:30.323Z
Updated: 2024-08-02T15:32:46.662Z

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

Published: 2023-09-05T06:24:29.035Z
Updated: 2024-08-02T15:32:46.747Z

Memory corruption in Core Services while executing the command for removing a single event listener.

Published: 2024-03-04T10:48:27.802Z
Updated: 2024-08-29T18:23:28.510Z

Memory corruption in WLAN HAL while parsing WMI command parameters.

Published: 2023-09-05T06:24:25.110Z
Updated: 2024-08-02T13:43:22.725Z

Information disclosure in WLAN HAL while handling command through WMI interfaces.

Published: 2023-11-07T05:26:42.279Z
Updated: 2024-08-02T13:43:22.620Z

Memory corruption in WLAN HAL while handling command through WMI interfaces.

Published: 2023-09-05T06:24:23.598Z
Updated: 2025-02-27T21:01:29.633Z

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

Published: 2023-09-05T06:24:21.806Z
Updated: 2025-02-27T21:01:35.661Z

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

Published: 2023-09-05T06:24:20.269Z
Updated: 2025-02-27T21:01:43.864Z

Information disclosure in IOE Firmware while handling WMI command.

Published: 2023-11-07T05:26:37.887Z
Updated: 2024-08-02T13:43:23.473Z

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

Published: 2023-09-05T06:24:17.160Z
Updated: 2025-02-27T21:02:03.721Z

Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.

Published: 2023-09-05T06:24:15.784Z
Updated: 2025-02-27T21:02:10.588Z

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

Published: 2023-09-05T06:24:12.673Z
Updated: 2024-08-02T13:43:23.051Z

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM.

Published: 2023-11-07T05:26:35.362Z
Updated: 2024-08-02T13:43:23.243Z

Information Disclosure in WLAN Host when processing WMI event command.

Published: 2023-11-07T05:26:33.920Z
Updated: 2024-09-04T18:53:58.506Z

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

Published: 2023-12-05T03:03:48.538Z
Updated: 2024-08-02T13:43:22.782Z

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.

Published: 2023-09-05T06:24:11.272Z
Updated: 2025-02-27T21:02:20.269Z

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.

Published: 2023-09-05T06:24:09.548Z
Updated: 2025-02-27T21:02:27.003Z

Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.

Published: 2023-09-05T06:24:08.152Z
Updated: 2025-02-27T21:02:34.781Z

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

Published: 2023-07-04T04:46:44.316Z
Updated: 2024-08-02T13:43:23.078Z

Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.

Published: 2023-10-03T05:00:35.349Z
Updated: 2025-02-27T20:47:51.088Z

Memory Corruption in WLAN HOST while parsing QMI response message from firmware.

Published: 2023-07-04T04:46:42.390Z
Updated: 2024-08-02T11:03:19.259Z

Transient DOS in Modem while allocating DSM items.

Published: 2023-10-03T05:00:27.519Z
Updated: 2024-08-02T11:03:19.321Z

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.

Published: 2023-07-04T04:46:40.252Z
Updated: 2024-08-02T10:07:06.588Z

Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.

Published: 2023-07-04T04:46:39.094Z
Updated: 2024-08-02T10:07:06.733Z

Memory Corruption in Core Platform while printing the response buffer in log.

Published: 2023-09-05T06:24:03.047Z
Updated: 2025-02-27T21:02:48.187Z

Memory corruption in Core Platform while printing the response buffer in log.

Published: 2023-09-05T06:24:00.471Z
Updated: 2025-02-27T21:02:56.010Z

Transient DOS while parsing WLAN beacon or probe-response frame.

Published: 2023-06-06T07:39:18.288Z
Updated: 2024-08-02T09:44:02.162Z

Transient DOS in WLAN Firmware while parsing FT Information Elements.

Published: 2023-06-06T07:39:16.722Z
Updated: 2024-08-02T09:44:01.930Z

Transient DOS in WLAN Firmware while processing frames with missing header fields.

Published: 2023-06-06T07:39:15.032Z
Updated: 2024-08-02T09:44:02.109Z

Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.

Published: 2023-06-06T07:39:13.326Z
Updated: 2024-08-02T09:44:02.174Z

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

Published: 2023-06-06T07:39:07.103Z
Updated: 2024-08-02T09:44:01.610Z

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Published: 2023-04-04T04:46:55.076Z
Updated: 2024-08-03T12:21:46.326Z

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Published: 2023-03-07T04:43:50.477Z
Updated: 2024-08-03T12:21:46.067Z

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

Published: 2023-03-07T04:43:48.352Z
Updated: 2024-08-03T12:21:46.449Z

Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.

Published: 2023-03-07T04:43:46.301Z
Updated: 2024-08-03T12:21:45.968Z

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.

Published: 2023-02-09T06:58:54.343Z
Updated: 2024-08-03T12:21:46.130Z

Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non qos state.

Published: 2023-02-09T06:58:52.961Z
Updated: 2024-08-03T12:21:45.994Z

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

Published: 2023-02-09T06:58:51.576Z
Updated: 2024-08-03T12:21:46.219Z

Transient DOS due to improper input validation in WLAN Host.

Published: 2023-02-09T06:58:49.985Z
Updated: 2024-08-03T12:21:45.979Z

Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation.

Published: 2023-02-09T06:58:48.744Z
Updated: 2024-08-03T08:16:17.149Z

Transient DOS due to buffer over-read in WLAN Host while parsing frame information.

Published: 2023-02-09T06:58:47.544Z
Updated: 2024-08-03T08:16:17.014Z

Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.

Published: 2023-03-07T04:43:42.523Z
Updated: 2024-08-03T08:01:20.551Z

Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs.

Published: 2023-02-09T06:58:46.264Z
Updated: 2024-08-03T08:01:20.674Z

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

Published: 2023-01-06T05:02:30.303Z
Updated: 2025-04-09T14:57:22.026Z

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

Published: 2023-01-06T05:02:28.591Z
Updated: 2025-04-09T15:00:21.443Z

Information disclosure due to buffer over-read in WLAN while parsing BTM action frame.

Published: 2023-01-06T05:02:26.918Z
Updated: 2025-04-09T15:05:39.836Z

Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check.

Published: 2023-01-06T05:02:25.629Z
Updated: 2025-04-09T15:07:56.560Z

Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length.

Published: 2023-02-09T06:58:43.369Z
Updated: 2024-08-03T08:01:20.532Z

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.

Published: 2023-02-09T06:58:41.756Z
Updated: 2024-08-03T08:01:20.528Z

Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.

Published: 2023-01-06T05:02:24.356Z
Updated: 2025-04-09T19:39:14.634Z

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.

Published: 2023-09-05T06:23:48.279Z
Updated: 2025-02-27T21:03:13.315Z

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

Published: 2023-02-09T06:58:40.259Z
Updated: 2024-08-03T08:01:20.493Z

Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.

Published: 2023-01-06T05:02:17.616Z
Updated: 2025-04-09T19:48:06.690Z

Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.

Published: 2023-01-06T05:02:16.318Z
Updated: 2025-04-09T19:48:49.837Z

Memory corruption due to improper access control in Qualcomm IPC.

Published: 2023-02-09T06:58:35.212Z
Updated: 2024-08-03T08:01:20.540Z

Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-11-15T00:00:00.000Z
Updated: 2025-04-22T15:48:59.953Z

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-12-13T00:00:00.000Z
Updated: 2025-04-22T13:50:17.708Z

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-11-15T00:00:00.000Z
Updated: 2025-04-22T15:49:08.644Z

Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Published: 2022-11-15T00:00:00.000Z
Updated: 2025-04-22T15:49:16.930Z

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-12-13T00:00:00.000Z
Updated: 2025-04-22T15:44:28.488Z

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-10-19T00:00:00.000Z
Updated: 2025-04-22T15:51:26.911Z

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-10-19T00:00:00.000Z
Updated: 2025-04-22T15:51:34.419Z

Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-10-19T00:00:00.000Z
Updated: 2025-05-09T14:34:56.898Z

Information exposure in DSP services due to improper handling of freeing memory

Published: 2023-01-06T05:02:09.721Z
Updated: 2025-04-09T20:17:08.832Z

Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-10-19T00:00:00.000Z
Updated: 2025-05-09T14:37:04.108Z

Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-12-13T00:00:00.000Z
Updated: 2025-04-22T15:57:50.369Z

Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking

Published: 2022-11-15T00:00:00.000Z
Updated: 2025-04-22T15:51:16.862Z

Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-10-19T00:00:00.000Z
Updated: 2025-05-09T14:49:35.474Z

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.

Published: 2023-03-07T04:43:15.195Z
Updated: 2024-08-03T04:42:50.588Z

Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking

Published: 2022-09-16T05:25:51.000Z
Updated: 2024-08-03T04:42:50.694Z

information disclosure due to cryptographic issue in Core during RPMB read request.

Published: 2023-06-06T07:38:33.401Z
Updated: 2024-08-03T03:00:55.353Z

Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Published: 2022-06-14T10:11:28.000Z
Updated: 2024-08-04T00:33:51.116Z

Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-04-01T04:40:38.000Z
Updated: 2024-08-04T00:33:51.119Z

Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-04-01T04:40:36.000Z
Updated: 2024-08-04T00:33:51.026Z

Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-06-14T10:11:14.000Z
Updated: 2024-08-04T00:33:50.864Z

Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2022-02-11T10:40:32.000Z
Updated: 2024-08-04T00:33:51.119Z

Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-01-03T07:26:10.000Z
Updated: 2025-05-22T15:02:43.694Z

Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-01-03T07:26:07.000Z
Updated: 2024-08-03T22:32:41.107Z

Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-02-11T10:40:28.000Z
Updated: 2024-08-03T22:32:40.952Z

Possible out of bound write due to lack of boundary check for the maximum size of buffer when sending a DCI packet to remote process in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-02-11T10:40:27.000Z
Updated: 2024-08-03T22:32:40.585Z

Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-01-13T11:40:30.000Z
Updated: 2024-08-03T22:32:40.563Z

Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2021-10-20T06:31:52.000Z
Updated: 2024-08-03T22:32:40.290Z

Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2022-01-03T07:26:06.000Z
Updated: 2024-08-03T22:32:40.453Z

Improper authentication of EAP WAPI EAPOL frames from unauthenticated user can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Published: 2021-10-20T06:31:44.000Z
Updated: 2024-08-03T22:32:40.263Z

Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-10-20T06:31:38.000Z
Updated: 2024-08-03T22:32:39.957Z

Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2022-01-03T07:25:48.000Z
Updated: 2024-08-03T22:24:59.599Z

Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-11-12T06:16:01.000Z
Updated: 2024-08-03T22:24:59.623Z

Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2021-11-12T06:15:58.000Z
Updated: 2024-08-03T22:24:59.751Z

Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-09-17T07:05:25.000Z
Updated: 2024-08-03T22:24:59.594Z

Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-10-20T06:31:27.000Z
Updated: 2024-08-03T16:25:06.488Z

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2021-09-17T07:05:24.000Z
Updated: 2024-08-03T16:25:06.467Z

Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2021-09-09T07:36:07.000Z
Updated: 2024-08-03T16:25:06.429Z

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2021-09-08T11:25:46.000Z
Updated: 2024-08-03T16:25:06.538Z

Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Published: 2021-09-09T07:36:05.000Z
Updated: 2024-08-03T16:25:06.539Z

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Published: 2021-07-13T05:31:07.000Z
Updated: 2024-08-03T16:25:06.252Z

Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Published: 2021-07-13T05:31:05.000Z
Updated: 2024-08-03T16:25:06.512Z

Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-09-09T07:35:59.000Z
Updated: 2024-08-03T16:25:06.534Z

Possible buffer over read due to improper validation of data pointer while parsing FILS indication IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Published: 2021-07-13T05:31:02.000Z
Updated: 2024-08-03T16:25:06.523Z

Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-07-13T05:31:00.000Z
Updated: 2024-08-03T16:25:06.259Z

Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-09-09T07:35:51.000Z
Updated: 2024-08-03T16:25:06.539Z

Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-07-13T05:30:59.000Z
Updated: 2024-08-03T16:25:06.269Z

Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Published: 2021-07-13T05:30:57.000Z
Updated: 2024-08-03T16:25:06.441Z

Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-09-09T07:35:47.000Z
Updated: 2024-08-03T16:25:06.379Z

Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-07-13T05:30:54.000Z
Updated: 2024-08-03T16:25:06.420Z

Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-06-09T06:20:24.000Z
Updated: 2024-08-03T16:25:06.599Z

Buffer over read could occur due to incorrect check of buffer size while flashing emmc devices in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2021-09-08T11:25:41.000Z
Updated: 2024-08-03T16:25:06.422Z

Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2021-05-07T09:10:43.000Z
Updated: 2024-08-03T16:25:06.469Z

Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-05-07T09:10:42.000Z
Updated: 2024-08-03T16:25:06.173Z

Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2021-11-12T06:15:42.000Z
Updated: 2024-08-03T16:25:06.420Z

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-05-07T09:10:42.000Z
Updated: 2024-08-03T16:25:06.195Z

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2021-09-09T07:35:41.000Z
Updated: 2024-08-03T16:25:06.203Z

Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-11-12T06:15:37.000Z
Updated: 2024-08-03T16:25:06.371Z

Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2021-09-08T11:25:31.000Z
Updated: 2024-08-04T11:28:13.862Z

Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-02-22T06:26:06.000Z
Updated: 2024-08-04T11:28:13.857Z

Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2021-05-07T09:10:36.000Z
Updated: 2024-08-04T11:28:13.857Z

Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-02-22T06:26:03.000Z
Updated: 2024-08-04T11:28:13.781Z

Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-02-22T06:26:03.000Z
Updated: 2024-08-04T11:28:13.809Z

Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-02-22T06:26:02.000Z
Updated: 2024-08-04T11:28:13.796Z

Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute lengths in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-02-22T06:26:01.000Z
Updated: 2024-08-04T11:28:13.815Z

Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-02-22T06:26:00.000Z
Updated: 2024-08-04T11:28:13.848Z

Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-02-22T06:25:58.000Z
Updated: 2024-08-04T11:28:13.840Z

Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2021-06-09T06:20:20.000Z
Updated: 2024-08-04T11:28:13.791Z

Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-06-09T05:00:44.000Z
Updated: 2024-08-04T11:28:13.847Z

Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-06-09T05:00:42.000Z
Updated: 2024-08-04T11:28:13.795Z

Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-06-09T05:00:41.000Z
Updated: 2024-08-04T11:28:13.379Z

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: 2021-02-22T06:25:55.000Z
Updated: 2024-08-04T11:28:13.292Z

Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer being accessed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-06-09T05:00:36.000Z
Updated: 2024-08-04T11:28:12.378Z

Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup attribute inside a NAN management frame are not Properly validated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-06-09T05:00:36.000Z
Updated: 2024-08-04T11:21:14.790Z

Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-06-09T05:00:35.000Z
Updated: 2024-08-04T11:21:14.624Z

Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: 2021-01-21T09:41:10.000Z
Updated: 2024-08-04T11:21:14.640Z