Summary
| Detail | |||
|---|---|---|---|
| Vendor | Qualcomm | First view | 2021-01-21 |
| Product | qcn5022 Firmware | Last view | 2025-03-03 |
| Version | Type | Os | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:o:qualcomm:qcn5022_firmware:-:*:*:*:*:*:*:* | 218 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2025-03-03 | CVE-2024-43057 | Memory corruption while processing command in Glink linux. |
| 9.8 | 2025-02-03 | CVE-2024-49839 | Memory corruption during management frame processing due to mismatch in T2LM info element. |
| 7.8 | 2025-02-03 | CVE-2024-45571 | Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface. |
| 9.8 | 2025-02-03 | CVE-2024-45569 | Memory corruption while parsing the ML IE due to invalid frame content. |
| 7.5 | 2025-01-06 | CVE-2024-45558 | Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. |
| 8.2 | 2024-10-07 | CVE-2024-33073 | Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. |
| 9.8 | 2024-10-07 | CVE-2024-33066 | Memory corruption while redirecting log file to any file location with any file name. |
| 7.5 | 2024-10-07 | CVE-2024-33049 | Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. |
| 7.5 | 2024-09-02 | CVE-2024-33057 | Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. |
| 7.5 | 2024-09-02 | CVE-2024-33050 | Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| 7.5 | 2024-09-02 | CVE-2024-33048 | Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. |
| 7.5 | 2024-08-05 | CVE-2024-33026 | Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp. |
| 7.5 | 2024-08-05 | CVE-2024-33025 | Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. |
| 7.5 | 2024-08-05 | CVE-2024-33024 | Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length. |
| 7.5 | 2024-08-05 | CVE-2024-33019 | Transient DOS while parsing the received TID-to-link mapping action frame. |
| 7.5 | 2024-08-05 | CVE-2024-33018 | Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame. |
| 7.5 | 2024-08-05 | CVE-2024-33015 | Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report. |
| 7.5 | 2024-08-05 | CVE-2024-33014 | Transient DOS while parsing ESP IE from beacon/probe response frame. |
| 7.5 | 2024-08-05 | CVE-2024-33013 | Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length. |
| 7.5 | 2024-08-05 | CVE-2024-33012 | Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon. |
| 7.5 | 2024-08-05 | CVE-2024-33011 | Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero. |
| 7.5 | 2024-08-05 | CVE-2024-33010 | Transient DOS while parsing fragments of MBSSID IE from beacon frame. |
| 7.5 | 2024-08-05 | CVE-2024-21467 | Information disclosure while handling beacon probe frame during scan entry generation in client side. |
| 7.5 | 2024-08-05 | CVE-2024-21459 | Information disclosure while handling beacon or probe response frame in STA. |
| 7.8 | 2024-07-01 | CVE-2024-23368 | Memory corruption when allocating and accessing an entry in an SMEM partition. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 38% (80) | CWE-125 | Out-of-bounds Read |
| 14% (29) | CWE-787 | Out-of-bounds Write |
| 7% (16) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 7% (15) | CWE-416 | Use After Free |
| 5% (12) | CWE-617 | Reachable Assertion |
| 4% (10) | CWE-190 | Integer Overflow or Wraparound |
| 3% (8) | CWE-476 | NULL Pointer Dereference |
| 3% (8) | CWE-129 | Improper Validation of Array Index |
| 3% (7) | CWE-20 | Improper Input Validation |
| 2% (6) | CWE-287 | Improper Authentication |
| 2% (5) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 1% (3) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 0% (2) | CWE-362 | Race Condition |
| 0% (1) | CWE-704 | Incorrect Type Conversion or Cast |
| 0% (1) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 0% (1) | CWE-415 | Double Free |
| 0% (1) | CWE-212 | Improper Cross-boundary Removal of Sensitive Data |
| 0% (1) | CWE-203 | Information Exposure Through Discrepancy |
| 0% (1) | CWE-200 | Information Exposure |
