Qualcomm ≫ Sdx57m Firmware

Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.

Transient DOS due to time-of-check time-of-use race condition in Modem while processing RRC Reconfiguration message.

Memory corruption due to double free in core while initializing the encryption key.

Transient DOS in modem due to reachable assertion.

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response