Summary
| Detail | |||
|---|---|---|---|
| Vendor | Qualcomm | First view | 2024-08-05 |
| Product | qcn9160 Firmware | Last view | 2025-03-03 |
| Version | Type | Os | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:o:qualcomm:qcn9160_firmware:-:*:*:*:*:*:*:* | 22 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2025-03-03 | CVE-2024-43057 | Memory corruption while processing command in Glink linux. |
| 9.8 | 2025-02-03 | CVE-2024-49839 | Memory corruption during management frame processing due to mismatch in T2LM info element. |
| 7.8 | 2025-02-03 | CVE-2024-45571 | Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface. |
| 9.8 | 2025-02-03 | CVE-2024-45569 | Memory corruption while parsing the ML IE due to invalid frame content. |
| 7.5 | 2025-01-06 | CVE-2024-45558 | Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. |
| 7.8 | 2024-12-02 | CVE-2024-33056 | Memory corruption when allocating and accessing an entry in an SMEM partition continuously. |
| 9.8 | 2024-10-07 | CVE-2024-33066 | Memory corruption while redirecting log file to any file location with any file name. |
| 7.5 | 2024-10-07 | CVE-2024-33049 | Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. |
| 7.5 | 2024-09-02 | CVE-2024-33057 | Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. |
| 7.5 | 2024-09-02 | CVE-2024-33050 | Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| 7.5 | 2024-09-02 | CVE-2024-33048 | Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. |
| 7.5 | 2024-08-05 | CVE-2024-33026 | Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp. |
| 7.5 | 2024-08-05 | CVE-2024-33025 | Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. |
| 7.5 | 2024-08-05 | CVE-2024-33024 | Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length. |
| 7.5 | 2024-08-05 | CVE-2024-33019 | Transient DOS while parsing the received TID-to-link mapping action frame. |
| 7.5 | 2024-08-05 | CVE-2024-33018 | Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame. |
| 7.5 | 2024-08-05 | CVE-2024-33015 | Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report. |
| 7.5 | 2024-08-05 | CVE-2024-33014 | Transient DOS while parsing ESP IE from beacon/probe response frame. |
| 7.5 | 2024-08-05 | CVE-2024-33013 | Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length. |
| 7.5 | 2024-08-05 | CVE-2024-33012 | Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon. |
| 7.5 | 2024-08-05 | CVE-2024-33011 | Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero. |
| 7.5 | 2024-08-05 | CVE-2024-33010 | Transient DOS while parsing fragments of MBSSID IE from beacon frame. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 76% (16) | CWE-125 | Out-of-bounds Read |
| 14% (3) | CWE-416 | Use After Free |
| 4% (1) | CWE-190 | Integer Overflow or Wraparound |
| 4% (1) | CWE-129 | Improper Validation of Array Index |
