CVE-2025-21482

all versions

Cryptographic issue while performing RSA PKCS padding decoding.

7.1HIGH

CVE-2025-27066

all versions

Transient DOS while processing an ANQP message.

7.5HIGH

CVE-2023-43536

all versions

Transient DOS while parse fils IE with length equal to 1.

7.5HIGH

CVE-2023-43511

all versions

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the n

7.5HIGH

CVE-2023-33109

all versions

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

7.5HIGH

CVE-2023-33080

all versions

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

7.5HIGH

CVE-2023-28569

all versions

Information disclosure in WLAN HAL while handling command through WMI interfaces.

6.1MEDIUM

CVE-2023-28563

all versions

Information disclosure in IOE Firmware while handling WMI command.

6.1MEDIUM

CVE-2023-33027

all versions

Transient DOS in WLAN Firmware while parsing rsn ies.

7.5HIGH

CVE-2023-33015

all versions

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

7.5HIGH

CVE-2023-28565

all versions

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

7.8HIGH

CVE-2023-28564

all versions

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

7.8HIGH

CVE-2023-28560

all versions

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

7.8HIGH

CVE-2023-28559

all versions

Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.

7.8HIGH

CVE-2023-28558

all versions

Memory corruption in WLAN handler while processing PhyID in Tx status handler.

7.8HIGH

CVE-2023-28557

all versions

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

7.8HIGH

CVE-2023-28544

all versions

Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.

7.8HIGH

CVE-2022-33275

all versions

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.

8.4HIGH

CVE-2023-21628

all versions

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

8.4HIGH

CVE-2022-40532

all versions

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

8.4HIGH

CVE-2022-40531

all versions

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

8.4HIGH

CVE-2022-25655

all versions

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.

8.4HIGH

CVE-2022-40512

all versions

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

7.5HIGH

CVE-2022-33277

all versions

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.

8.4HIGH

CVE-2022-33286

all versions

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

7.5HIGH

CVE-2022-33285

all versions

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

7.5HIGH

CVE-2022-33238

all versions

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Sna

7.5HIGH

CVE-2022-33235

all versions

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto

8.2HIGH

CVE-2022-33237

all versions

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Sna

7.5HIGH

CVE-2022-25749

all versions

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Sna

7.5HIGH

CVE-2022-25748

all versions

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Comp

9.8CRITICAL

CVE-2022-25736

all versions

Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Comput

7.5HIGH

CVE-2021-30313

all versions

Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon

6.7MEDIUM

CVE-2021-30303

all versions

Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon

7.8HIGH

CVE-2021-30266

all versions

Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon

6.7MEDIUM

CVE-2021-1924

all versions

Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon

9.0CRITICAL

CVE-2021-1903

all versions

Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe res

5.3MEDIUM

CVE-2021-30302

all versions

Improper authentication of EAP WAPI EAPOL frames from unauthenticated user can lead to information disclosure in Snapdragon Comput

7.5HIGH

CVE-2021-1980

all versions

Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Sna

7.5HIGH

CVE-2021-30260

all versions

Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist

8.4HIGH

CVE-2021-1976

all versions

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Com

9.8CRITICAL

CVE-2021-1947

all versions

Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Con

8.4HIGH

CVE-2021-1962

all versions

Buffer Overflow while processing IOCTL for getting peripheral endpoint information there is no proper validation for input maximum

6.7MEDIUM

CVE-2021-1948

all versions

Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snap

7.5HIGH

CVE-2021-1941

all versions

Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute,

7.5HIGH

CVE-2021-1909

all versions

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, S

7.3HIGH

CVE-2021-1972

all versions

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snap

9.8CRITICAL

CVE-2021-1928

all versions

Buffer over read could occur due to incorrect check of buffer size while flashing emmc devices in Snapdragon Connectivity, Snapdra

4.6MEDIUM

CVE-2020-11301

all versions

Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapd

9.1CRITICAL

CVE-2021-1953

all versions

Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Sna

7.5HIGH

CVE-2021-1938

all versions

Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapd

7.5HIGH

CVE-2021-1887

all versions

An assertion can be reached in the WLAN subsystem while using the Wi-Fi Fine Timing Measurement protocol in Snapdragon Wired Infra

7.5HIGH

CVE-2021-1937

all versions

Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdr

7.5HIGH

CVE-2020-11267

all versions

Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdra

8.4HIGH

CVE-2020-11241

all versions

Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Sn

7.5HIGH

CVE-2020-11238

all versions

Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute,

7.5HIGH

CVE-2020-11235

all versions

Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdrag

7.8HIGH

CVE-2020-11159

all versions

Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame po

9.1CRITICAL

CVE-2020-11126

all versions

Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon

9.1CRITICAL

CVE-2021-1925

all versions

Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compu

7.5HIGH

CVE-2020-11296

all versions

Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snap

7.5HIGH

CVE-2020-11280

all versions

Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due

7.5HIGH

CVE-2020-11276

all versions

Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation

9.1CRITICAL

CVE-2020-11275

all versions

Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapd

9.1CRITICAL

CVE-2020-11270

all versions

Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM

7.5HIGH

CVE-2020-11269

all versions

Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Aut

8.8HIGH

CVE-2020-11119

all versions

Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdra

7.5HIGH