Qualcomm ≫ Snapdragon X55 5g Modem-rf System Firmware

Cryptographic issue while parsing RSA keys in COBR format.

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).

memory corruption when an invalid firehose patch command is invoked.

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

Transient DOS while processing TID-to-link mapping IE elements.

Transient DOS while parsing ESP IE from beacon/probe response frame.

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.