Qualcomm ≫ Qcs405 Firmware

Possible out of bound access in audio module due to lack of validation of user provided input.

A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g. from a remote source).

Information disclosure in Network Services due to buffer over-read while the device receives DNS response.

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.

Memory Corruption in Audio while playing amrwbplus clips with modified content.

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.