Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
Memory corruption while processing IPA statistics, when there are no active clients registered.
Memory corruption while allocating memory for graphics.
Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto
Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto
Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event trigger.
Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render.
Memory corruption while processing TPC target power table in FTM TPC.
Memory corruption while verifying the serialized header when the key pairs are generated.
Memory corruption in Automotive Multimedia due to improper access control in HAB.
Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto
Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
A race condition, due to the lack of a lock on a resource that is concurrently modified in the memcpy statement, leads to out-of-bounds access in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
Memory corruption in Audio while processing RT proxy port register driver.
Memory corruption while processing finish_sign command to pass a rsp buffer.
Memory corruption in HLOS while invoking IOCTL calls from user-space.
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
Memory corruption in Kernel while parsing metadata.
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
Memory corruption in Automotive OS whenever untrusted apps try to access HAB for graphics functionalities.
Memory corruption when processing cmd parameters while parsing vdev.
Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.
Memory corruption in Audio during playback with speaker protection.
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
An unsigned integer underflow vulnerability in the IPA driver results in a buffer over-read while reading a NAT entry using the debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'
The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.
Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory Corruption in Core due to secure memory access by user while loading modem image.
An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software. An attacker can bypass Secure Boot and obtain root access because of a missing Bootloader integrity check. The Samsung ID is SVE-2018-11552 (May 2018).
Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal.
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
Memory corruption in Graphics while importing a file.
In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, the variables "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with a mutex or locks. A buffer overflow is possible under race conditions. "buffer->curr" itself could also be overwritten, which means that it may point anywhere in kernel memory (for write).
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
Memory corruption in Linux Networking due to double free while handling a hyp-assign.
Memory corruption in Automotive Android OS due to improper validation of array index.
Memory corruption while handling IOCTL calls in JPEG Encoder driver.
Memory corruption in android core due to improper validation of array index while returning feature ids after license authentication.
Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.
Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.
Memory corruption due to improper access control in Qualcomm IPC.
Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables