Qualcomm ≫ Wsa8830 Firmware

Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call.

Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.

Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.

Memory corruption while processing IOCTL call for getting group info.

Memory corruption when user provides data for FM HCI command control operations.

Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

Memory corruption when two threads try to map and unmap a single node simultaneously.

Memory corruption while processing concurrent IOCTL calls.

Memory corruption when the captureRead QDCM command is invoked from user-space.