sm4350_firmware

Memory corruption due to double free in core while initializing the encryption key.

Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.

Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute lengths in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Cryptographic issue in Data Modem due to improper authentication during TLS handshake.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.

Memory corruption due to double free in Core while mapping HLOS address to the list.

Memory corruption in DSP Service during a remote call from HLOS to DSP.

Memory corruption in HLOS while invoking IOCTL calls from user-space.

Memory corruption in Graphics while importing a file.

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

Memoru corruption in Audio when ADSP sends input during record use case.

Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its RoT memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Memory corruption while using the UIM diag command to get the operators name.