CVE-2023-33082

Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE.

CVE-2022-40532

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

CVE-2023-22387

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.

CVE-2022-40512

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

CVE-2022-40530

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

CVE-2022-33275

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.

CVE-2022-33271

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

CVE-2022-40531

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

CVE-2022-33277

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn ies.

CVE-2023-24847

Transient DOS in Modem while allocating DSM items.

CVE-2022-33283

Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check.

CVE-2022-33285

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

CVE-2023-33026

Transient DOS in WLAN Firmware while parsing a NAN management frame.

CVE-2022-22076

information disclosure due to cryptographic issue in Core during RPMB read request.

CVE-2023-21659

Transient DOS in WLAN Firmware while processing frames with missing header fields.

CVE-2023-28554

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM.

CVE-2023-28567

Memory corruption in WLAN HAL while handling command through WMI interfaces.

CVE-2022-40527

Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.

CVE-2023-33041

Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.

CVE-2023-28549

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

CVE-2023-33083

Memory corruption in WLAN Host while processing RRM beacon on the AP.

CVE-2023-28557

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

CVE-2022-33284

Information disclosure due to buffer over-read in WLAN while parsing BTM action frame.

CVE-2023-33098

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

CVE-2022-33253

Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.

CVE-2023-33015

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

CVE-2022-33252

Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.

CVE-2022-33276

Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.

CVE-2023-28573

Memory corruption in WLAN HAL while parsing WMI command parameters.

CVE-2023-33088

Memory corruption when processing cmd parameters while parsing vdev.

CVE-2023-28548

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

CVE-2023-33089

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

CVE-2022-33286

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.