Total
105 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47402 | 1 Qualcomm | 188 Ar8035, Ar8035 Firmware, Cologne and 185 more | 2026-02-11 | N/A | 6.5 MEDIUM |
|
Transient DOS when processing a received frame with an excessively large authentication information element.
|
|||||
| CVE-2025-21429 | 1 Qualcomm | 364 9206 Lte Modem, 9206 Lte Modem Firmware, Apq8017 and 361 more | 2026-02-10 | N/A | 7.5 HIGH |
|
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.
|
|||||
| CVE-2025-21463 | 1 Qualcomm | 422 Ar8035, Ar8035 Firmware, Csr8811 and 419 more | 2025-11-28 | N/A | 7.5 HIGH |
|
Transient DOS while processing the EHT operation IE in the received beacon frame.
|
|||||
| CVE-2025-47318 | 1 Qualcomm | 406 Apq8017, Apq8017 Firmware, Apq8064au and 403 more | 2025-11-28 | N/A | 7.5 HIGH |
|
Transient DOS while parsing the EPTM test control message to get the test pattern.
|
|||||
| CVE-2025-27066 | 1 Qualcomm | 744 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 741 more | 2025-11-28 | N/A | 7.5 HIGH |
|
Transient DOS while processing an ANQP message.
|
|||||
| CVE-2025-47370 | 1 Qualcomm | 272 Ar8035, Ar8035 Firmware, Csrb31024 and 269 more | 2025-11-05 | N/A | 6.5 MEDIUM |
|
Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.
|
|||||
| CVE-2025-21448 | 1 Qualcomm | 538 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 535 more | 2025-10-06 | N/A | 7.5 HIGH |
|
Transient DOS may occur while parsing SSID in action frames.
|
|||||
| CVE-2025-21435 | 1 Qualcomm | 298 Ar8035, Ar8035 Firmware, Csr8811 and 295 more | 2025-10-06 | N/A | 7.5 HIGH |
|
Transient DOS may occur while parsing extended IE in beacon.
|
|||||
| CVE-2025-21434 | 1 Qualcomm | 244 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 241 more | 2025-10-06 | N/A | 7.5 HIGH |
|
Transient DOS may occur while parsing EHT operation IE or EHT capability IE.
|
|||||
| CVE-2025-21430 | 1 Qualcomm | 450 315 5g Iot Modem, 315 5g Iot Modem Firmware, Apq8017 and 447 more | 2025-10-06 | N/A | 7.5 HIGH |
|
Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.
|
|||||
| CVE-2024-23364 | 1 Qualcomm | 358 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 355 more | 2025-10-03 | N/A | 7.5 HIGH |
|
Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).
|
|||||
| CVE-2025-27057 | 1 Qualcomm | 422 Ar8035, Ar8035 Firmware, Csr8811 and 419 more | 2025-09-25 | N/A | 7.5 HIGH |
|
Transient DOS while handling beacon frames with invalid IE header length.
|
|||||
| CVE-2025-21441 | 1 Qualcomm | 98 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 95 more | 2025-08-20 | N/A | 7.8 HIGH |
|
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
|
|||||
| CVE-2025-21440 | 1 Qualcomm | 98 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 95 more | 2025-08-20 | N/A | 7.8 HIGH |
|
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
|
|||||
| CVE-2025-27073 | 1 Qualcomm | 340 Ar8035, Ar8035 Firmware, Csr8811 and 337 more | 2025-08-20 | N/A | 7.5 HIGH |
|
Transient DOS while creating NDP instance.
|
|||||
| CVE-2025-27065 | 1 Qualcomm | 300 Ar8035, Ar8035 Firmware, Fastconnect 6800 and 297 more | 2025-08-20 | N/A | 7.5 HIGH |
|
Transient DOS while processing a frame with malformed shared-key descriptor.
|
|||||
| CVE-2024-21459 | 1 Qualcomm | 350 Ar8035, Ar8035 Firmware, Ar9380 and 347 more | 2025-08-15 | N/A | 6.5 MEDIUM |
|
Information disclosure while handling beacon or probe response frame in STA.
|
|||||
| CVE-2023-28571 | 1 Qualcomm | 172 8098, 8098 Firmware, 8998 and 169 more | 2025-08-11 | N/A | 6.1 MEDIUM |
|
Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.
|
|||||
| CVE-2023-43520 | 1 Qualcomm | 140 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 137 more | 2025-08-11 | N/A | 8.6 HIGH |
|
Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.
|
|||||
| CVE-2024-45558 | 1 Qualcomm | 366 Ar8035, Ar8035 Firmware, Csr8811 and 363 more | 2025-08-11 | N/A | 7.5 HIGH |
|
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
|
|||||
| CVE-2024-53027 | 1 Qualcomm | 424 205, 205 Firmware, Apq8017 and 421 more | 2025-08-11 | N/A | 7.5 HIGH |
|
Transient DOS may occur while processing the country IE.
|
|||||
| CVE-2023-43534 | 1 Qualcomm | 132 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 129 more | 2025-08-11 | N/A | 8.6 HIGH |
|
Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.
|
|||||
| CVE-2023-43522 | 1 Qualcomm | 572 Aqt1000, Aqt1000 Firmware, Ar8035 and 569 more | 2025-08-11 | N/A | 7.5 HIGH |
|
Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.
|
|||||
| CVE-2023-43511 | 1 Qualcomm | 712 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9206 Lte Modem and 709 more | 2025-08-11 | N/A | 7.5 HIGH |
|
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.
|
|||||
| CVE-2024-33050 | 1 Qualcomm | 514 Ar8035, Ar8035 Firmware, Ar9380 and 511 more | 2025-08-11 | N/A | 7.5 HIGH |
|
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
|
|||||
| CVE-2023-33062 | 1 Qualcomm | 580 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 577 more | 2025-08-11 | N/A | 7.5 HIGH |
|
Transient DOS in WLAN Firmware while parsing a BTM request.
|
|||||
| CVE-2023-43552 | 1 Qualcomm | 298 Ar8035, Ar8035 Firmware, Csr8811 and 295 more | 2025-08-11 | N/A | 9.8 CRITICAL |
|
Memory corruption while processing MBSSID beacon containing several subelement IE.
|
|||||
| CVE-2024-33051 | 1 Qualcomm | 578 315 5g Iot, 315 5g Iot Firmware, 9206 Lte and 575 more | 2025-08-11 | N/A | 7.5 HIGH |
|
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
|
|||||
| CVE-2023-33028 | 1 Qualcomm | 352 Ar8035, Ar8035 Firmware, Ar9380 and 349 more | 2025-08-11 | N/A | 9.8 CRITICAL |
|
Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.
|
|||||
| CVE-2023-43536 | 1 Qualcomm | 618 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 615 more | 2025-08-11 | N/A | 7.5 HIGH |
|
Transient DOS while parse fils IE with length equal to 1.
|
|||||
| CVE-2024-45541 | 1 Qualcomm | 102 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 99 more | 2025-08-11 | N/A | 7.8 HIGH |
|
Memory corruption when IOCTL call is invoked from user-space to read board data.
|
|||||
| CVE-2023-33089 | 1 Qualcomm | 456 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 453 more | 2025-08-11 | N/A | 7.5 HIGH |
|
Transient DOS when processing a NULL buffer while parsing WLAN vdev.
|
|||||
| CVE-2024-45542 | 1 Qualcomm | 102 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 99 more | 2025-08-11 | N/A | 7.8 HIGH |
|
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
|
|||||
| CVE-2023-43537 | 1 Qualcomm | 224 Ar8035, Ar8035 Firmware, Csr8811 and 221 more | 2025-08-11 | N/A | 6.5 MEDIUM |
|
Information disclosure while handling T2LM Action Frame in WLAN Host.
|
|||||
| CVE-2023-33088 | 1 Qualcomm | 612 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 609 more | 2025-08-11 | N/A | 8.4 HIGH |
|
Memory corruption when processing cmd parameters while parsing vdev.
|
|||||
| CVE-2024-33057 | 1 Qualcomm | 342 Ar8035, Ar8035 Firmware, Csr8811 and 339 more | 2025-08-11 | N/A | 7.5 HIGH |
|
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
|
|||||
| CVE-2025-21446 | 1 Qualcomm | 480 Ar8035, Ar8035 Firmware, Ar9380 and 477 more | 2025-08-11 | N/A | 7.5 HIGH |
|
Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
|
|||||
| CVE-2024-49839 | 1 Qualcomm | 372 Ar8035, Ar8035 Firmware, Csr8811 and 369 more | 2025-08-11 | N/A | 8.2 HIGH |
|
Memory corruption during management frame processing due to mismatch in T2LM info element.
|
|||||
| CVE-2023-33098 | 1 Qualcomm | 526 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 523 more | 2025-08-11 | N/A | 7.5 HIGH |
|
Transient DOS while parsing WPA IES, when it is passed with length more than expected size.
|
|||||
| CVE-2023-28539 | 1 Qualcomm | 314 Ar8035, Ar8035 Firmware, Ar9380 and 311 more | 2025-08-11 | N/A | 6.6 MEDIUM |
|
Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.
|
|||||