Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

Memory corruption in WLAN HOST while processing the WLAN scan descriptor list.

Information Disclosure in WLAN Host when processing WMI event command.

Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.

Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

Memory Corruption in WLAN HOST while fetching TX status information.

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

Memory corruption in WLAN HOST while receiving an WMI event from firmware.

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in WLAN due to use after free

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

Transient DOS due to buffer over-read in WLAN Host while parsing frame information.