Qualcomm ≫ Sa4155p Firmware

Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.

Memory corruption while reading the FW response from the shared queue.

Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit.

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

Memory corruption while triggering commands in the PlayReady Trusted application.

Memory corruption during concurrent access to server info object due to unprotected critical field.

Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.

Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards.

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass.