Qualcomm ≫ Qca9367 Firmware

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

Memory corruption when the payload received from firmware is not as per the expected protocol size.

Memory corruption when the bandpass filter order received from AHAL is not within the expected range.

Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.

Memory corruption when there is failed unmap operation in GPU.

Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command.

Memory corruption in Audio while processing RT proxy port register driver.

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

Memory corruption in Audio while processing IIR config data from AFE calibration block.

Memory corruption in Audio while processing the calibration data returned from ACDB loader.