In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check whether the buffer is in use. So when a function calls cam_mem_get_cpu_buf to get the kernel VA to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel VA, which causes a use-after-free (UAF) of the kernel address.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.
Memory corruption in Core Services while executing the command for removing a single event listener.
Memory corruption in TZ Secure OS while loading an app ELF.
Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.
Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.
Out-of-bounds write is possible while verifying device IDs due to an improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile.
Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto.
Kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.
Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.
Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto.
Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile.
Memory corruption in kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile.
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
Memory corruption while handling session errors from firmware.
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
Memory corruption while processing frame packets.
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg.
Memory corruption while processing IOCTL call to set metainfo.
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
Memory corruption while invoking IOCTL calls to unmap the DMA buffers.
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
Memory corruption when the captureRead QDCM command is invoked from user-space.
Memory corruption in audio module due to integer overflow in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables.
Memory corruption while processing GPU page table switch.
Memory corruption while allocating memory in HGSL driver.
Memory Corruption in Core due to secure memory access by user while loading modem image.
Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.
Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
Memory corruption while configuring a Hypervisor based input virtual device.
Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.
Memory corruption while taking snapshot when an offset variable is set by camera driver.
Memory corruption due to out-of-bounds read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile.
Memory Corruption in HLOS while registering for key provisioning notify.
Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile.
Memory corruption in graphic driver due to use after free while calling multiple threads application to driver in Snapdragon Consumer IOT.
Memory Corruption in Audio while allocating the ion buffer during the music playback.
Memory Corruption in Audio while invoking IOCTLs calls from the user-space.
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.
Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ).
Memory Corruption in camera while installing a fd for a particular DMA buffer.
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
Memory Corruption in Audio while playing amrwbplus clips with modified content.
Memory corruption in Core Platform while printing the response buffer in log.
Memory corruption in Linux while calling system configuration APIs.
Memory corruption in Audio when ADSP sends input during record use case.
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization.
Memory corruption in WLAN while running doDriverCmd for an unspecific command.