User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents in Snapdragon Industrial IOT, Snapdragon Mobile
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information.
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg.
Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile
Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.
Memory corruption while handling user packets during VBO bind operation.
Memory corruption during session sign renewal request calls in HLOS.
Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.
Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.
Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications.
Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very large type value. in Snapdragon Auto
Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.
Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel. in Snapdragon Mobile
Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile
Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile
Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.
Memory corruption due to double free in core while initializing the encryption key.
Possible buffer overflow due to improper validation of array index while processing external DIAG command in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.
Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message.
Memory corruption when keymaster operation imports a shared key.
Possible buffer overflow due to lack of input IB amount validation while processing the user command in Snapdragon Auto
Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.
Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
Memory corruption in Automotive due to improper input validation.
Improper verification of timeout-based authentication in identity credential can lead to invalid authorization in HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.
A user with user level permission can access graphics protected region due to improper access control in register configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video playback.
Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer.
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
Memory corruption due to use after free in trusted application environment.
Memory corruption due to use after free in Modem while modem initialization.
Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM.
Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.
Memory corruption in android core due to improper validation of array index while returning feature ids after license authentication.
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it.
Memory corruption in Automotive Android OS due to improper input validation.
Memory corruption in Linux while sending DRM request.
Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries.
Memory corruption due to use after free in Core when multiple DCI clients register and deregister.
Memory corruption in WLAN due to use after free
Memory corruption in Linux android due to double free while calling unregister provider after register call.