qrb5165n_firmware

Memory corruption in WLAN Host while processing RRM beacon on the AP.

Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length.

Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Memory corruption while processing MBSSID beacon containing several subelement IE.

Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE.

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.

Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wired Infrastructure and Networking

Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.

Memory corruption in Hypervisor when platform information mentioned is not aligned.

Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.

Memory corruption in HLOS while running playready use-case.