Qualcomm ≫ Vision Intelligence 400 Firmware

Memory corruption while configuring a Hypervisor based input virtual device.

Memory corruption when user provides data for FM HCI command control operations.

Memory corruption when two threads try to map and unmap a single node simultaneously.

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

Memory corruption when Alternative Frequency offset value is set to 255.

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.