Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.

If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup.

Memory corruption during management frame processing due to mismatch in T2LM info element.

Information disclosure while parsing the OCI IE with invalid length.

Memory corruption while reading CPU state data during guest VM suspend.

Memory corruption while power-up or power-down sequence of the camera sensor.

Memory corruption can occur in the camera when an invalid CID is used.

Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.

Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.