Qualcomm ≫ Qcm6490 Firmware

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

Cryptographic issue while parsing RSA keys in COBR format.

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).

memory corruption when an invalid firehose patch command is invoked.

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.

Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.

Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.