For individuals

Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.

Transient DOS while parsing the received TID-to-link mapping action frame.

Transient DOS while processing TID-to-link mapping IE elements.

Memory corruption while processing IOCTL call to set metainfo.

Memory corruption while allocating memory in HGSL driver.

Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.