Memory corruption when allocating and accessing an entry in an SMEM partition.

Transient DOS while parse fils IE with length equal to 1.

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

Transient DOS in WLAN Firmware while parsing a BTM request.

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

Memory corruption when processing cmd parameters while parsing vdev.

Memory corruption in WLAN Host while processing RRM beacon on the AP.

Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE.

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM.

Transient DOS in WLAN Firmware while parsing rsn ies.

Transient DOS in WLAN Firmware while parsing a NAN management frame.

Transient DOS in Modem while allocating DSM items.

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

Memory corruption in WLAN HAL while parsing WMI command parameters.