Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, ...
7.5CVSS
7.8AI Score
0.001EPSS
Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer being accessed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon I...
9.1CVSS
9.2AI Score
0.002EPSS
Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,...
7.8CVSS
7.9AI Score
0.0005EPSS
Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdra...
8.8CVSS
8.8AI Score
0.001EPSS
Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute lengths in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer I...
9.1CVSS
9.1AI Score
0.002EPSS
Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voic...
7.5CVSS
7.7AI Score
0.001EPSS
Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice...
8.6CVSS
7.2AI Score
0.001EPSS
Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,...
8.4CVSS
8AI Score
0.0004EPSS
Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music...
9.8CVSS
9.4AI Score
0.002EPSS
Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voi...
7.5CVSS
7.7AI Score
0.001EPSS
Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snap...
7.5CVSS
7.7AI Score
0.001EPSS
Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mo...
7.5CVSS
7.6AI Score
0.001EPSS
Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.
7.5CVSS
6.5AI Score
0.001EPSS
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
7.5CVSS
7.6AI Score
0.001EPSS
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
8.4CVSS
7.9AI Score
0.0004EPSS
Memory Corruption in Core due to secure memory access by user while loading modem image.
8.4CVSS
7.5AI Score
0.0004EPSS
Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
7.8CVSS
7.9AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.0004EPSS
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
6.5CVSS
6.4AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
9.8CVSS
8.3AI Score
0.001EPSS
Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.
7.5CVSS
7.5AI Score
0.0005EPSS
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.
9.8CVSS
9.5AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
9.3CVSS
7.8AI Score
0.0004EPSS
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.
7.5CVSS
7.5AI Score
0.0004EPSS
Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.
7.5CVSS
7.5AI Score
0.0005EPSS
Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE.
9.8CVSS
9.6AI Score
0.001EPSS
9.8CVSS
9.5AI Score
0.001EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.6AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
Transient DOS while parsing WPA IES, when it is passed with length more than expected size.
7.5CVSS
7.5AI Score
0.0004EPSS
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.
7.5CVSS
7.6AI Score
0.0005EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next header.
7.5CVSS
7.5AI Score
0.0004EPSS
Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.
7.5CVSS
7.5AI Score
0.0005EPSS
Transient DOS while processing 11AZ RTT management action frame received through OTA.
7.5CVSS
7.5AI Score
0.0005EPSS
7.5CVSS
6.5AI Score
0.001EPSS
7.5CVSS
6.5AI Score
0.001EPSS
7.1CVSS
7AI Score
0.0004EPSS
7.5CVSS
6.5AI Score
0.001EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
7.5CVSS
7.6AI Score
0.0005EPSS