qca6688aq_firmware

Memory corruption while parsing the ML IE due to invalid frame content.

Cryptographic issue occurs due to use of insecure connection method while downloading.

Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.

Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

Cryptographic issue may occur while encrypting license data.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Memory corruption while processing user packets to generate page faults.

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Memory corruption when two threads try to map and unmap a single node simultaneously.

Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.

Memory corruption while processing IOCTL call to set metainfo.

Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.

Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.