Qualcomm ≫ Qca6554a Firmware

Transient DOS while processing 11AZ RTT management action frame received through OTA.

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.

Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.

Transient DOS in WLAN Firmware while parsing a BTM request.

Transient DOS in WLAN Firmware while processing a FTMR frame.