Qualcomm ≫ C-v2x 9150 Firmware

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.

Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

Memory Corruption in WLAN HOST while fetching TX status information.

Memory corruption due to double free in Core while mapping HLOS address to the list.

Transient DOS due to improper authorization in Modem