Memory corruption while processing large input data from a remote source via a communication interface.
In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.
Transient DOS while handling PS event when Program Service name length offset value is set to 255.
Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.
Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0.
Memory Corruption when accessing buffers with invalid length during TA invocation.
Memory corruption may occur while processing message from frontend during allocation.
Information disclosure during audio playback.
Transient DOS while processing an ANQP message.
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths for
Memory corruption while routing GPR packets between user and root when handling large data packet.
An issue was discovered in L2 in Samsung Mobile Processor and Modem Exynos 2400 and Modem 5400. The lack of a length check leads to a Denial of Service via a malformed PDCP packet.
Memory corruption while calculating offset from partition start point.
Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.
Information disclosure while processing information on firmware image during core initialization.
Information disclosure while running video usecase having rogue firmware.
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300
Memory corruption due to global buffer overflow when a test command uses an invalid payload type.