Qualcomm ≫ Wcn3660b Firmware

Memory corruption while processing MFC channel configuration during music playback.

Memory corruption during video playback when video session open fails with time out error.

Memory corruption while processing a GP command response.

Information disclosure while registering commands from clients with diag through diagHal.

Memory corruption while invoking remote procedure IOCTL calls.

Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers.

Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.

Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.

information disclosure while invoking calibration data from user space to update firmware size.