Qualcomm ≫ Wcn3660b Firmware

Memory corruption in Core Services while executing the command for removing a single event listener.

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.

Memory corruption in video while parsing invalid mp2 clip.

Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

Memory corruption in Audio while processing IIR config data from AFE calibration block.

Memory corruption in Audio while processing the calibration data returned from ACDB loader.

Memory corruption in HLOS while converting from authorization token to HIDL vector.

Transient DOS in Audio when invoking callback function of ASM driver.

Information disclosure in Audio while accessing AVCS services from ADSP payload.