Qualcomm ≫ 215 Firmware

Memory corruption while calling the NPU driver APIs concurrently.

Memory corruption may occur while validating ports and channels in Audio driver.

While processing the authentication message in UE, improper authentication may lead to information disclosure.

Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.

Memory corruption when Alternative Frequency offset value is set to 255.

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.

Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.