Qualcomm ≫ Wcn3998 Firmware

Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.

Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.

Transient DOS due to reachable assertion in Modem during OSI decode scheduling.

Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported.

Memory corruption in Graphics while importing a file.

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.

Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Memory corruption due to use after free in Modem while modem initialization.