Memory corruption in graphic driver due to use after free while calling multiple threads application to driver. in Snapdragon Consumer IOT
Memory Corruption in Audio while invoking IOCTLs calls from the user-space.
Memory Corruption in Data Modem while making a MO call or MT VOLTE call.
Memory Corruption in Multi-mode Call Processor while processing bit mask API.
Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ).
Memory Corruption in camera while installing a fd for a particular DMA buffer.
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
Memory Corruption in Audio while playing amrwbplus clips with modified content.
Memory corruption in Linux while calling system configuration APIs.
Memory corruption in WLAN while running doDriverCmd for an unspecific command.
Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.
Memory Corruption while accessing metadata in Display.
Memory corruption due to untrusted pointer dereference in automotive during system call.
Memory corruption when user provides data for FM HCI command control operations.
Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM.
Memory corruption in Automotive GPU while querying a gsl memory node.
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
Memory Corruption in Core Platform while printing the response buffer in log.
Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
Memory corruption in RIL while trying to send apdu packet.
Memory corruption when two threads try to map and unmap a single node simultaneously.
Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.
Memory corruption when Alternative Frequency offset value is set to 255.
Memory corruption in Linux when the file upload API is called with parameters having large buffer.
Memory corruption in Audio during playback session with audio effects enabled.
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.
Memory corruption while processing frame command IOCTL calls.
Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.
Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.
While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPA_IOC_QUERY_RT_TBL_INDEX while another sends an ioctl cmd IPA_IOC_DEL_RT_RULE, a use-after-free condition may occur.
In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition.
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a crafted binder request can cause an arbitrary unmap in MediaServer.
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can potentially occur.
While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur.
In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params->entries[i].vfe_intf comes from userspace without any bounds check which could potentially result in a kernel out-of-bounds write.
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free condition.
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the KGSL driver function kgsl_ioctl_gpu_command, a Use After Free condition can potentially occur.
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in the rmnet USB control driver can potentially lead to a Use After Free condition.
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 vendor command a stack-based buffer overflow can occur.
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during a deinitialization path.
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during positioning.
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the coresight-tmc driver, a simultaneous read and enable of the ETR device after changing the buffer size may result in a Use After Free condition of the previous buffer.
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdss_rotator_ioctl in the driver /dev/mdss_rotator, a Use-After-Free condition can potentially occur due to a fence being installed too early.
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a KGSL driver function, a race condition exists which can lead to a Use After Free condition.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if cmd_pkt and reg_pkt are called from different userspace threads, a use after free condition can potentially occur in wdsp_glink_write().
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the VIDIOC_G_SDE_ROTATOR_FENCE ioctl command can be used to cause a Use After Free condition.
Memory corruption due to stack-based buffer overflow in Core