Qualcomm ≫ Snapdragon X55 5g Modem-rf System Firmware

Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.

Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.

Memory corruption when user provides data for FM HCI command control operations.

Memory corruption when two threads try to map and unmap a single node simultaneously.

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.

Memory corruption when Alternative Frequency offset value is set to 255.

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

Cryptographic issue while parsing RSA keys in COBR format.

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).