Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Transient DOS while parsing probe response and assoc response frame.

Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

Memory corruption while redirecting log file to any file location with any file name.

Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

Memory corruption when allocating and accessing an entry in an SMEM partition.

Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image.

Information disclosure while parsing sub-IE length during new IE generation.

Transient DOS while loading the TA ELF file.

Information disclosure while handling SA query action frame.

INformation disclosure while handling Multi-link IE in beacon frame.

Transient DOS while parse fils IE with length equal to 1.

Transient DOS while processing 11AZ RTT management action frame received through OTA.

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver.

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.