Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check.

Memory corruption while sound model registration for voice activation with audio kernel driver.

Memory corruption in Linux while sending DRM request.

Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information.

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region.

A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660

Memory corruption when invalid input is passed to invoke GPU Headroom API call.

Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface

Memory corruption in modem due to improper length check while copying into memory

Memory correction in modem due to buffer overwrite during coap connection

Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables

Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables

Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.

Memory corruption while configuring a Hypervisor based input virtual device.

Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Memory corruption while processing frame packets.

Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto

Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote

Memory corruption in Bluetooth HOST due to stack-based buffer overflow when when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile

Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,

Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.

Memory corruption while processing input message passed from FE driver.