Version SDX65M

CVE-2024-45558

Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.

HIGH CVSS 7.5 Published Jan 06, 2025

CVE-2024-33063

Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.

HIGH CVSS 7.5 Published Dec 02, 2024

CVE-2024-33056

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

HIGH CVSS 8.4 Published Dec 02, 2024

CVE-2024-33068

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

HIGH CVSS 7.5 Published Nov 04, 2024

CVE-2024-38397

Transient DOS while parsing probe response and assoc response frame.

HIGH CVSS 7.5 Published Oct 07, 2024

CVE-2024-33073

Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

HIGH CVSS 8.2 Published Oct 07, 2024

CVE-2024-33066

Memory corruption while redirecting log file to any file location with any file name.

CRITICAL CVSS 9.8 Published Oct 07, 2024

CVE-2024-33049

Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.

HIGH CVSS 7.5 Published Oct 07, 2024

CVE-2024-33057

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33050

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33048

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33016

memory corruption when an invalid firehose patch command is invoked.

MEDIUM CVSS 6.8 Published Sep 02, 2024

CVE-2024-33026

Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33025

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33024

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33019

Transient DOS while parsing the received TID-to-link mapping action frame.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33018

Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33015

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33014

Transient DOS while parsing ESP IE from beacon/probe response frame.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33013

Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33012

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33011

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33010

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-21467

Information disclosure while handling beacon probe frame during scan entry generation in client side.

MEDIUM CVSS 6.5 Published Aug 05, 2024

CVE-2024-21459

Information disclosure while handling beacon or probe response frame in STA.

MEDIUM CVSS 6.5 Published Aug 05, 2024

CVE-2024-23368

Memory corruption when allocating and accessing an entry in an SMEM partition.

HIGH CVSS 7.8 Published Jul 01, 2024

CVE-2024-21482

Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image.

MEDIUM CVSS 6.8 Published Jul 01, 2024

CVE-2024-21462

Transient DOS while loading the TA ELF file.

HIGH CVSS 7.1 Published Jul 01, 2024

CVE-2024-21458

Information disclosure while handling SA query action frame.

MEDIUM CVSS 6.5 Published Jul 01, 2024

CVE-2024-21457

INformation disclosure while handling Multi-link IE in beacon frame.

MEDIUM CVSS 6.5 Published Jul 01, 2024

CVE-2024-23363

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.

HIGH CVSS 7.5 Published Jun 03, 2024

CVE-2023-43537

Information disclosure while handling T2LM Action Frame in WLAN Host.

MEDIUM CVSS 6.5 Published Jun 03, 2024

CVE-2024-21477

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

HIGH CVSS 7.5 Published May 06, 2024

CVE-2024-21473

Memory corruption while redirecting log file to any file location with any file name.

CRITICAL CVSS 9.8 Published Apr 01, 2024

CVE-2023-43553

Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.

CRITICAL CVSS 9.8 Published Mar 04, 2024

CVE-2023-43552

Memory corruption while processing MBSSID beacon containing several subelement IE.

CRITICAL CVSS 9.8 Published Mar 04, 2024

CVE-2023-43549

Memory corruption while processing TPC target power table in FTM TPC.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-43539

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.

HIGH CVSS 7.5 Published Mar 04, 2024

CVE-2023-33105

Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.

HIGH CVSS 7.5 Published Mar 04, 2024

CVE-2023-43523

Transient DOS while processing 11AZ RTT management action frame received through OTA.

HIGH CVSS 7.5 Published Feb 06, 2024

CVE-2023-33072

Memory corruption in Core while processing control functions.

CRITICAL CVSS 9.3 Published Feb 06, 2024

CVE-2023-33060

Transient DOS in Core when DDR memory check is called while DDR is not initialized.

HIGH CVSS 7.1 Published Feb 06, 2024

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-33116

Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-33109

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-33062

Transient DOS in WLAN Firmware while parsing a BTM request.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-33098

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-33097

Transient DOS in WLAN Firmware while processing a FTMR frame.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-33089

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-33088

Memory corruption when processing cmd parameters while parsing vdev.

HIGH CVSS 8.4 Published Dec 05, 2023

CVE-2023-33083

Memory corruption in WLAN Host while processing RRM beacon on the AP.

CRITICAL CVSS 9.8 Published Dec 05, 2023

CVE-2023-33082

Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE.

CRITICAL CVSS 9.8 Published Dec 05, 2023

CVE-2023-33081

Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-33053

Memory corruption in Kernel while parsing metadata.

HIGH CVSS 8.4 Published Dec 05, 2023

CVE-2023-33041

Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

MEDIUM CVSS 6.0 Published Dec 05, 2023

CVE-2023-28585

Memory corruption while loading an ELF segment in TEE Kernel.

HIGH CVSS 8.2 Published Dec 05, 2023

CVE-2023-33061

Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame.

HIGH CVSS 7.5 Published Nov 07, 2023

CVE-2023-33056

Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE.

HIGH CVSS 7.5 Published Nov 07, 2023

CVE-2023-33048

Transient DOS in WLAN Firmware while parsing t2lm buffers.

HIGH CVSS 7.5 Published Nov 07, 2023

CVE-2023-33047

Transient DOS in WLAN Firmware while parsing no-inherit IES.

HIGH CVSS 7.5 Published Nov 07, 2023

CVE-2023-33045

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.

CRITICAL CVSS 9.8 Published Nov 07, 2023

CVE-2023-28553

Information Disclosure in WLAN Host when processing WMI event command.

MEDIUM CVSS 6.1 Published Nov 07, 2023

CVE-2023-24852

Memory Corruption in Core due to secure memory access by user while loading modem image.

HIGH CVSS 8.4 Published Nov 07, 2023

CVE-2023-33028

Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.

CRITICAL CVSS 9.8 Published Oct 03, 2023

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn ies.

HIGH CVSS 7.5 Published Oct 03, 2023

CVE-2023-33026

Transient DOS in WLAN Firmware while parsing a NAN management frame.

HIGH CVSS 7.5 Published Oct 03, 2023

CVE-2023-28539

Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.

MEDIUM CVSS 6.6 Published Oct 03, 2023

CVE-2023-21664

Memory Corruption in Core Platform while printing the response buffer in log.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-21662

Memory corruption in Core Platform while printing the response buffer in log.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28541

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

HIGH CVSS 7.8 Published Jul 04, 2023

CVE-2023-24851

Memory Corruption in WLAN HOST while parsing QMI response message from firmware.

HIGH CVSS 7.8 Published Jul 04, 2023

CVE-2023-22386

Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.

HIGH CVSS 7.8 Published Jul 04, 2023

CVE-2022-40535

Transient DOS due to buffer over-read in WLAN while sending a packet to device.

HIGH CVSS 7.5 Published Mar 07, 2023

CVE-2022-40531

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

HIGH CVSS 8.4 Published Mar 07, 2023

CVE-2022-40530

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

HIGH CVSS 8.4 Published Mar 07, 2023

CVE-2022-40527

Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.

HIGH CVSS 7.5 Published Mar 07, 2023

CVE-2022-33309

Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.

HIGH CVSS 7.5 Published Mar 07, 2023