Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.

Transient DOS while parsing ESP IE from beacon/probe response frame.

Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Information disclosure while handling beacon probe frame during scan entry generation in client side.

Information disclosure while handling beacon or probe response frame in STA.

Memory corruption when allocating and accessing an entry in an SMEM partition.

Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image.

Information disclosure while parsing sub-IE length during new IE generation.

Transient DOS while loading the TA ELF file.

Information disclosure while handling SA query action frame.

INformation disclosure while handling Multi-link IE in beacon frame.

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.

Information disclosure while handling T2LM Action Frame in WLAN Host.

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

Memory corruption while redirecting log file to any file location with any file name.

Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.

Memory corruption while processing MBSSID beacon containing several subelement IE.