Memory corruption in Linux Networking due to double free while handling a hyp-assign.
Memory corruption when kernel driver attempts to trigger hardware fences.
A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault.
Memory corruption when keymaster operation imports a shared key.
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Memory corruption while allocating memory for graphics.
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
Memory corruption when the channel ID passed by user is not validated and further used.
Memory corruption in Kernel while handling GPU operations.
Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image.
Memory corruption when there is failed unmap operation in GPU.
Memory corruption when size of buffer from previous call is used without validation or re-initialization.
Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.
Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.
Memory corruption in android core due to improper validation of array index while returning feature ids after license authentication.
Memory corruption due to improper access control in Qualcomm IPC.
Memory corruption when allocating and accessing an entry in an SMEM partition.
Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.
Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM.
Memory corruption due to double free in core while initializing the encryption key.
Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications.
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.
Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host
Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.
Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries.
Memory corruption due to use after free in trusted application environment.
Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.
Memory corruption due to use after free in Core when multiple DCI clients register and deregister.
Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel. in Snapdragon Mobile
Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.
Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id.
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer.
Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.
Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video playback.
Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.
Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
Memory corruption in Automotive due to improper input validation.
Memory corruption due to use after free in Modem while modem initialization.
Memory corruption while processing key blob passed by the user.
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.
u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009W, MSM8909W, QCS605, QM215, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6350, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P
Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.
Memory corruption when the payload received from firmware is not as per the expected protocol size.
Memory corruption while processing IPA statistics, when there are no active clients registered.
Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile
Improper buffer initialization on the backend driver can lead to buffer overflow in Snapdragon Auto
Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music