CVE-2025-47318

all versions

Transient DOS while parsing the EPTM test control message to get the test pattern.

7.5HIGH

CVE-2025-27066

all versions

Transient DOS while processing an ANQP message.

7.5HIGH

CVE-2025-21448

all versions

Transient DOS may occur while parsing SSID in action frames.

7.5HIGH

CVE-2025-21441

all versions

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.

7.8HIGH

CVE-2025-21440

all versions

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.

7.8HIGH

CVE-2024-45542

all versions

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.

7.8HIGH

CVE-2024-45541

all versions

Memory corruption when IOCTL call is invoked from user-space to read board data.

7.8HIGH

CVE-2024-43050

all versions

Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.

7.8HIGH

CVE-2024-38408

all versions

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

8.2HIGH

CVE-2024-33051

all versions

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

7.5HIGH

CVE-2024-21476

all versions

Memory corruption when the channel ID passed by user is not validated and further used.

7.8HIGH

CVE-2023-43536

all versions

Transient DOS while parse fils IE with length equal to 1.

7.5HIGH

CVE-2023-43533

all versions

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

7.5HIGH

CVE-2023-43522

all versions

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

7.5HIGH

CVE-2023-43511

all versions

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the n

7.5HIGH

CVE-2023-33109

all versions

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

7.5HIGH

CVE-2023-33062

all versions

Transient DOS in WLAN Firmware while parsing a BTM request.

7.5HIGH

CVE-2023-33098

all versions

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

7.5HIGH

CVE-2023-33089

all versions

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

7.5HIGH

CVE-2023-33088

all versions

Memory corruption when processing cmd parameters while parsing vdev.

8.4HIGH

CVE-2023-33081

all versions

Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.

7.5HIGH

CVE-2023-33080

all versions

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

7.5HIGH

CVE-2023-33027

all versions

Transient DOS in WLAN Firmware while parsing rsn ies.

7.5HIGH

CVE-2023-33015

all versions

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

7.5HIGH

CVE-2023-28573

all versions

Memory corruption in WLAN HAL while parsing WMI command parameters.

7.8HIGH

CVE-2023-28567

all versions

Memory corruption in WLAN HAL while handling command through WMI interfaces.

7.8HIGH

CVE-2023-28558

all versions

Memory corruption in WLAN handler while processing PhyID in Tx status handler.

7.8HIGH

CVE-2023-28557

all versions

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

7.8HIGH

CVE-2023-28549

all versions

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.

7.8HIGH

CVE-2023-28548

all versions

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.

7.8HIGH

CVE-2022-33275

all versions

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.

8.4HIGH

CVE-2023-21659

all versions

Transient DOS in WLAN Firmware while processing frames with missing header fields.

7.5HIGH

CVE-2022-40532

all versions

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

8.4HIGH

CVE-2022-40531

all versions

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

8.4HIGH

CVE-2022-40530

all versions

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

8.4HIGH

CVE-2022-40514

all versions

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc respo

9.8CRITICAL

CVE-2022-40512

all versions

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

7.5HIGH

CVE-2022-33277

all versions

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.

8.4HIGH

CVE-2022-33271

all versions

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

8.2HIGH

CVE-2022-33286

all versions

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

7.5HIGH

CVE-2022-33285

all versions

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

7.5HIGH

CVE-2022-33253

all versions

Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.

7.5HIGH

CVE-2022-33252

all versions

Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.

8.2HIGH

CVE-2022-33238

all versions

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Sna

7.5HIGH

CVE-2022-33235

all versions

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto

8.2HIGH

CVE-2022-33239

all versions

Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto

7.5HIGH

CVE-2022-33237

all versions

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Sna

7.5HIGH

CVE-2022-25749

all versions

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Sna

7.5HIGH

CVE-2022-25748

all versions

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Comp

9.8CRITICAL

CVE-2022-25736

all versions

Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Comput

7.5HIGH

CVE-2022-25663

all versions

Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service in Snapd

5.5MEDIUM

CVE-2022-25690

all versions

Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Au

7.5HIGH

CVE-2021-30348

all versions

Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapd

6.5MEDIUM

CVE-2021-30272

all versions

Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon

7.3HIGH

CVE-2021-30321

all versions

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Conne

9.8CRITICAL

CVE-2021-1903

all versions

Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe res

5.3MEDIUM

CVE-2021-30302

all versions

Improper authentication of EAP WAPI EAPOL frames from unauthenticated user can lead to information disclosure in Snapdragon Comput

7.5HIGH

CVE-2021-30288

all versions

Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Sn

8.4HIGH

CVE-2021-1980

all versions

Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Sna

7.5HIGH

CVE-2021-30260

all versions

Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist

8.4HIGH

CVE-2021-1971

all versions

Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,

7.5HIGH

CVE-2021-1960

all versions

Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdrago

6.5MEDIUM

CVE-2021-1948

all versions

Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snap

7.5HIGH

CVE-2021-1941

all versions

Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute,

7.5HIGH

CVE-2020-11264

all versions

Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injectio

9.1CRITICAL

CVE-2021-1953

all versions

Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Sna

7.5HIGH

CVE-2021-1938

all versions

Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapd

7.5HIGH

CVE-2021-1937

all versions

Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdr

7.5HIGH

CVE-2020-11241

all versions

Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Sn

7.5HIGH

CVE-2020-11238

all versions

Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute,

7.5HIGH

CVE-2021-1925

all versions

Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compu

7.5HIGH

CVE-2021-1892

all versions

Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdra

8.4HIGH

CVE-2020-11296

all versions

Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snap

7.5HIGH

CVE-2020-11281

all versions

Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclos

7.5HIGH

CVE-2020-11280

all versions

Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due

7.5HIGH

CVE-2020-11278

all versions

Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snap

7.5HIGH

CVE-2020-11276

all versions

Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation

9.1CRITICAL

CVE-2020-11275

all versions

Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapd

9.1CRITICAL

CVE-2020-11270

all versions

Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM

7.5HIGH