Qualcomm ≫ Wcn3980 Firmware

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.

Memory corruption due to double free in core while initializing the encryption key.

Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.

Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Transient DOS due to buffer over-read in WLAN while sending a packet to device.

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

Memory corruption in Automotive Android OS due to improper validation of array index.