Qualcomm ≫ Qca6696 Firmware

Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers.

Memory corruption while processing message in guest VM.

Memory corruption while processing data sent by FE driver.

Memory corruption while handling repeated memory unmap requests from guest VM.

memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.

Memory corruption while selecting the PLMN from SOR failed list.

Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.

Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.

information disclosure while invoking calibration data from user space to update firmware size.