Memory corruption in Audio when memory map command is executed consecutively in ADSP.
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
Memory corruption in Audio while processing the VOC packet data from ADSP.
Memory corruption in Audio while processing IIR config data from AFE calibration block.
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
Memory corruption in HLOS while invoking IOCTL calls from user-space.
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.
Memory corruption in Audio while running invalid audio recording from ADSP.
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
Memory corruption when processing cmd parameters while parsing vdev.
Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.
Memory corruption while using the UIM diag command to get the operators name.
Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.
Memory corruption in Audio while processing the calibration data returned from ACDB loader.
Memory corruption in DSP Services during a remote call from HLOS to DSP.
Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities.
Memory Corruption in Audio while invoking callback function in driver from ADSP.
Memory corruption while parsing the ADSP response command.
Memory corruption in Audio while processing RT proxy port register driver.
Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.
Memory corruption in Audio during playback with speaker protection.
Memory corruption while receiving a message in Bus Socket Transport Server.
Memory corruption in Kernel while parsing metadata.
Memory corruption in DSP Service during a remote call from HLOS to DSP.
Memory corruption while running VK synchronization with KASAN enabled.
Memory corruption in wearables while processing data from AON.
Memory corruption while processing GPU commands.
Memory corruption while processing frame packets.
Memory corruption while configuring a Hypervisor based input virtual device.
Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.
Memory corruption while handling session errors from firmware.
Memory corruption while processing IOCTL call for getting group info.
Memory corruption while processing user packets to generate page faults.
Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.
Memory corruption due to double free in Core while mapping HLOS address to the list.
Memory corruption in core services when Diag handler receives a command to configure event listeners.
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
Memory corruption in WLAN handler while processing PhyID in Tx status handler.
Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.
Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache.
Memory corruption in WLAN HAL while handling command through WMI interfaces.
Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.
Memory Corruption in WLAN HOST while fetching TX status information.
Memory corruption in SPS Application while requesting for public key in sorter TA.