Qualcomm ≫ Wcd9385 Firmware

Transient DOS while processing the CU information from RNR IE.

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.

Memory corruption while maintaining memory maps of HLOS memory.

Transient DOS while parsing probe response and assoc response frame.

Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.

Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.

Memory corruption while taking snapshot when an offset variable is set by camera driver.