Qualcomm ≫ Srv1m Firmware

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.

Memory corruption in Automotive Multimedia due to improper access control in HAB.

Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.

Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

Memory corruption in Audio while processing IIR config data from AFE calibration block.

Memory corruption in Audio while processing the calibration data returned from ACDB loader.

Memory corruption in Core while processing control functions.

Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.

Memory corruption in HLOS while converting from authorization token to HIDL vector.