Qualcomm ≫ Msm8996au Firmware

While processing the authentication message in UE, improper authentication may lead to information disclosure.

Information disclosure during audio playback.

Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.

On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.

Memory corruption while processing GPU page table switch.

Memory corruption while processing voice packet with arbitrary data received from ADSP.

Memory corruption when user provides data for FM HCI command control operations.

Memory corruption when two threads try to map and unmap a single node simultaneously.

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.