Qualcomm ≫ Wcn3980 Firmware

Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.

information disclosure due to cryptographic issue in Core during RPMB read request.

Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries.

Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.

Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.

Memory corruption in Graphics while importing a file.

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.

Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal.