Qualcomm ≫ Qca6678aq Firmware

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.

Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs.

Transient DOS due to buffer over-read in WLAN Host while parsing frame information.