Qualcomm ≫ Sd460 Firmware

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response

Memory corruption in modem due to buffer overflow while processing a PPP packet

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.

Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.

Memory corruption due to configuration weakness in modem wile sending command to write protected files.

Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.