Qualcomm ≫ Wcn3988 Firmware

Transient DOS while processing video packets received from video firmware.

Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers.

Memory corruption due to global buffer overflow when a test command uses an invalid payload type.

Memory corruption while selecting the PLMN from SOR failed list.

Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.

Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.

information disclosure while invoking calibration data from user space to update firmware size.

Memory corruption while performing private key encryption in trusted application.

Cryptographic issue while performing RSA PKCS padding decoding.