Memory corruption when malformed message payload is received from firmware.
Memory corruption in Automotive Multimedia due to improper access control in HAB.
Memory corruption while processing TPC target power table in FTM TPC.
Memory corruption may occur during communication between primary and guest VM.
Memory Corruption in Core Platform while printing the response buffer in log.
Memory corruption while receiving a message in Bus Socket Transport Server.
Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Memory corruption in Audio when SSR event is triggered after music playback is stopped.
Memory corruption in HLOS while running playready use-case.
Memory corruption while parsing the ADSP response command.
Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
Memory corruption in Audio while processing RT proxy port register driver.
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a missing check on the input used to calculate the buffer length can lead to an out-of-bounds write to the kernel stack.
A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, WMA handler carries fixed event data from the firmware to the host. If the length and anqp length from this event data exceed the max length, an OOB write would happen.
Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.
Memory corruption in WLAN handler while processing PhyID in Tx status handler.
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
Memory corruption in core services when Diag handler receives a command to configure event listeners.
Memory corruption in Core Services while executing the command for removing a single event listener.
Memory corruption in WLAN Host while setting the PMK length in internal cache.
Memory corruption while processing audio effects.
Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
Memory corruption in WLAN HAL while handling command through WMI interfaces.
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
Possible stack overflow due to improper validation of camera name length before copying the name in VR Service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT
Possible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
Possible out of bound read or write in VR service due to lack of validation of DSP selection values in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT
Possible buffer overflow due to improper size calculation of payload received in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory Corruption in Core due to secure memory access by user while loading modem image.
Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
Memory Corruption in Audio while playing amrwbplus clips with modified content.
Memory corruption due to untrusted pointer dereference in automotive during system call.
Memory corruption in Audio during playback session with audio effects enabled.
Memory corruption in Linux while calling system configuration APIs.
Memory Corruption while accessing metadata in Display.
Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM.
Memory corruption in Automotive GPU while querying a gsl memory node.
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.
Memory corruption in WLAN while running doDriverCmd for an unspecific command.