Qualcomm ≫ Fastconnect 6900 Firmware

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va w...

Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.

Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.

Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.

Memory corruption in Linux while calling system configuration APIs.

Memory corruption in Video while calling APIs with different instance ID than the one received in initialization.

Memory corruption in Linux when the file upload API is called with parameters having large buffer.

An app with non-privileged access can change global system brightness and cause undesired system behavior.

Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.