Qualcomm ≫ Qca4004 Firmware

Information disclosure in Kernel due to indirect branch misprediction.

information disclosure due to cryptographic issue in Core during RPMB read request.

Information disclosure due to buffer over-read in Modem while parsing DNS hostname.

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message.

Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.