Qualcomm ≫ Wcn3980 Firmware

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Memory corruption due to use after free in Modem while modem initialization.

Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM.

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message.

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.

Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.