Qca2065 Firmware Security Vulnerabilities

CVE-2023-43536

Transient DOS while parse fils IE with length equal to...

CVE-2023-43522

Transient DOS while key unwrapping process, when the given encrypted key is empty or...

CVE-2023-43533

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon...

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next...

CVE-2023-33109

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from...

CVE-2023-33062

Transient DOS in WLAN Firmware while parsing a BTM...

CVE-2023-33098

Transient DOS while parsing WPA IES, when it is passed with length more than expected...

CVE-2023-33088

Memory corruption when processing cmd parameters while parsing...

CVE-2023-33089

Transient DOS when processing a NULL buffer while parsing WLAN...

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management...

CVE-2023-28587

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface...

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory...

CVE-2023-33047

Transient DOS in WLAN Firmware while parsing no-inherit...

CVE-2023-33028

Memory corruption in WLAN Firmware while doing a memory copy of pmk...

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn...

CVE-2023-33026

Transient DOS in WLAN Firmware while parsing a NAN management...

CVE-2023-33015

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon...

CVE-2023-28567

Memory corruption in WLAN HAL while handling command through WMI...

CVE-2023-28573

Memory corruption in WLAN HAL while parsing WMI command...

CVE-2023-28558

Memory corruption in WLAN handler while processing PhyID in Tx status...

CVE-2023-28557

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI...

CVE-2023-28548

Memory corruption in WLAN HAL while processing Tx/Rx commands from...

CVE-2023-28549

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV...

CVE-2022-33275

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of...

CVE-2023-21659

Transient DOS in WLAN Firmware while processing frames with missing header...

CVE-2023-21658

Transient DOS in WLAN Firmware while processing the received beacon or probe response...

CVE-2022-40532

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to...

CVE-2022-40530

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization...

CVE-2022-40531

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID...

CVE-2022-40514

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response...

CVE-2022-40512

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or...

CVE-2022-33306

Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled...

CVE-2022-33277

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI...

CVE-2022-33271

Information disclosure due to buffer over-read in WLAN while parsing NMF...

CVE-2022-33283

Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length...

CVE-2022-33286

Transient DOS due to buffer over-read in WLAN while processing 802.11 management...

CVE-2022-33285

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action...

CVE-2022-33276

Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID...

CVE-2022-33284

Information disclosure due to buffer over-read in WLAN while parsing BTM action...

CVE-2022-33253

Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN...

CVE-2022-33252

Information disclosure due to buffer over-read in WLAN while handling IBSS beacons...

CVE-2022-33238

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...

CVE-2022-33235

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

CVE-2022-33239

Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

CVE-2022-33237

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...

CVE-2022-25663

Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics...

CVE-2022-25736

Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...

CVE-2022-25748

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,...

CVE-2022-25749

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...

CVE-2021-35129

Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and...