Qualcomm » Mdm9640 Firmware : Security Vulnerabilities, CVEs, (Memory corruption)

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

Memory corruption in Audio while processing the VOC packet data from ADSP.

Memory corruption in Audio during playback with speaker protection.

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.

Memory corruption in HLOS while running playready use-case.

Memory corruption while using the UIM diag command to get the operators name.

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

Memory Corruption in SPS Application while exporting public key in sorter TA.

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption due to stack-based buffer overflow in Core

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data.

Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed.

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.