Qualcomm ≫ Snapdragon X75 5g Modem-rf System Firmware

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

Cryptographic issue while parsing RSA keys in COBR format.

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).

memory corruption when an invalid firehose patch command is invoked.

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.