User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SDM660
u'Improper authentication and signature verification of debug polices in secure boot loader will allow unverified debug policies to be loaded into secure memory and leads to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, Kamorta, MSM8998, Nicobar, QCS404, QCS605, QCS610, Rennell, SA415M, SA6155P, SC7180, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, certain malformed HVEC clips could cause an assertion to fail.
Memory corruption due to use after free in Modem while modem initialization.
Memory corruption while processing IOCTL command when device is in power-save state.
Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.
Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.
Memory corruption in android core due to improper validation of array index while returning feature ids after license authentication.
Memory corruption in Automotive Android OS due to improper input validation.
Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.
Memory corruption due to use after free in Core when multiple DCI clients register and deregister.
Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications.
Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.
Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel. in Snapdragon Mobile
Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.
Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content.
Memory corruption in Linux while sending DRM request.
Memory corruption due to double free in core while initializing the encryption key.
Memory corruption due to improper access control in Qualcomm IPC.
Memory corruption in Automotive due to improper input validation.
Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id.
Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer.
Memory corruption in WLAN due to use after free
Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host
Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
Memory corruption due to use after free in trusted application environment.
Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.
Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames.
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
Memory corruption in Linux android due to double free while calling unregister provider after register call.
Memory Corruption when copying data from a freed source while executing performance counter deselect operation.
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a crafted binder request can cause an arbitrary unmap in MediaServer.
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name while converting ascii string to unicode string in function HandleMetaImgFlash.
Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption in modem due to use of out of range pointer offset while processing qmi msg
Memory corruption in video driver due to type confusion error during video playback
Memory corruption in display due to double free while allocating frame buffer memory
Memory corruption in display driver due to incorrect type casting while accessing the fence structure fields
Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key.
Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response
Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile
Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables
Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables
Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobile
Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM
Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.