Qca0000 Firmware Security Vulnerabilities

CVE-2023-43522

Transient DOS while key unwrapping process, when the given encrypted key is empty or...

CVE-2023-43523

Transient DOS while processing 11AZ RTT management action frame received through...

CVE-2023-33072

Memory corruption in Core while processing control...

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next...

CVE-2023-33116

Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN...

CVE-2023-33109

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from...

CVE-2023-33062

Transient DOS in WLAN Firmware while parsing a BTM...

CVE-2023-33098

Transient DOS while parsing WPA IES, when it is passed with length more than expected...

CVE-2023-33097

Transient DOS in WLAN Firmware while processing a FTMR...

CVE-2023-33088

Memory corruption when processing cmd parameters while parsing...

CVE-2023-33083

Memory corruption in WLAN Host while processing RRM beacon on the...

CVE-2023-33089

Transient DOS when processing a NULL buffer while parsing WLAN...

CVE-2023-33082

Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO...

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management...

CVE-2023-33081

Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA...

CVE-2023-33041

Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer...

CVE-2023-33053

Memory corruption in Kernel while parsing...

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in...

CVE-2023-28585

Memory corruption while loading an ELF segment in TEE...

CVE-2023-33056

Transient DOS in WLAN Firmware when firmware receives beacon including T2LM...

CVE-2023-33048

Transient DOS in WLAN Firmware while parsing t2lm...

CVE-2023-33061

Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response...

CVE-2023-33047

Transient DOS in WLAN Firmware while parsing no-inherit...

CVE-2023-33045

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3...

CVE-2023-24852

Memory Corruption in Core due to secure memory access by user while loading modem...

CVE-2023-33028

Memory corruption in WLAN Firmware while doing a memory copy of pmk...

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn...

CVE-2023-33026

Transient DOS in WLAN Firmware while parsing a NAN management...

CVE-2023-28565

Memory corruption in WLAN HAL while handling command streams through WMI...

CVE-2023-21628

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1...

CVE-2022-40512

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or...

CVE-2022-33286

Transient DOS due to buffer over-read in WLAN while processing 802.11 management...

CVE-2022-33238

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...

CVE-2022-33237

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...

CVE-2022-25718

Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &...

CVE-2022-25749

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...

CVE-2020-11303

Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...

CVE-2021-30260

Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer...

CVE-2020-11159

Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer being accessed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon.....

CVE-2020-11235

Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...

CVE-2020-11296

Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...

CVE-2020-11276

Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute lengths in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer.....

CVE-2020-11269

Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...

CVE-2020-11119

Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,....