CVE-2024-38403 – Buffer Over-read in WLAN Firmware
https://notcve.org/view.php?id=CVE-2024-38403
Transient DOS while parsing BTM ML IE when per STA profile is not included. • https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html • CWE-126: Buffer Over-read •
CVE-2024-33068 – Use After Free in WLAN Host Communication
https://notcve.org/view.php?id=CVE-2024-33068
Transient DOS while parsing fragments of MBSSID IE from beacon frame. • https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html • CWE-416: Use After Free •
CVE-2024-23385 – Reachable Assertion in Modem
https://notcve.org/view.php?id=CVE-2024-23385
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE. • https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html • CWE-617: Reachable Assertion •
CVE-2024-20112
https://notcve.org/view.php?id=CVE-2024-20112
This could lead to local denial of service with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/November-2024 • CWE-125: Out-of-bounds Read •
CVE-2024-48809
https://notcve.org/view.php?id=CVE-2024-48809
An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of service via the onos-a1t component of the sdran-in-a-box, specifically the DeleteWatcher function. • https://gist.github.com/bergen876/5a21f78e266c12aa2586beb2178443b0 https://github.com/onosproject/sdran-in-a-box/issues/206 • CWE-770: Allocation of Resources Without Limits or Throttling •