Qualcomm ≫ Snapdragon 429 Mobile Platform Firmware

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

Memory corruption when allocating and accessing an entry in an SMEM partition.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.

Memory corruption in Audio while processing the calibration data returned from ACDB loader.

Memory corruption in Audio while processing IIR config data from AFE calibration block.