Qualcomm ≫ Snapdragon X5 Lte Modem Firmware

Memory corruption in Graphics while importing a file.

Information disclosure due to buffer over-read in Modem while parsing DNS hostname.

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message.

Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.

Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message.

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.