Memory corruption while handling payloads from remote ESL.
Memory corruption in WLAN HAL while handling command through WMI interfaces.
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.
Memory corruption in Core Services while executing the command for removing a single event listener.
Memory corruption in TZ Secure OS while loading an app ELF.
Use after issue in WLAN function due to multiple ACS scan requests at a time in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCA6574AU, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SDX20
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed.
Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto
Possible out of bounds write due to improper input validation while processing DO_ACS vendor command in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24
kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
Memory corruption while handling session errors from firmware.
Memory corruption while processing frame packets.
Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
Memory corruption while invoking IOCTL calls to unmap the DMA buffers.
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
Memory corruption while handling the PDR in driver for getting the remote heap maps.
Memory Corruption in Core due to secure memory access by user while loading modem image.
Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
Memory corruption in Modem while processing security related configuration before AS Security Exchange.
Memory corruption while configuring a Hypervisor based input virtual device.
Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.
Memory corruption when multiple threads try to unregister the CVP buffer at the same time.
Memory Corruption in HLOS while registering for key provisioning notify.
Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Memory corruption in graphic driver due to use after free while calling multiple threads application to driver. in Snapdragon Consumer IOT
Memory Corruption in Audio while invoking IOCTLs calls from the user-space.
Memory Corruption in Data Modem while making a MO call or MT VOLTE call.
Memory Corruption in Multi-mode Call Processor while processing bit mask API.
Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ).
Memory Corruption in camera while installing a fd for a particular DMA buffer.
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
Memory Corruption in Audio while playing amrwbplus clips with modified content.
Memory corruption in Linux while calling system configuration APIs.
Memory corruption in WLAN while running doDriverCmd for an unspecific command.
Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.
Memory Corruption while accessing metadata in Display.
Memory corruption due to untrusted pointer dereference in automotive during system call.
Memory corruption when user provides data for FM HCI command control operations.
Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM.
Memory corruption in Automotive GPU while querying a gsl memory node.
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
Memory Corruption in Core Platform while printing the response buffer in log.