Memory corruption while processing IPA statistics, when there are no active clients registered.
Possible buffer overflow due to lack of input IB amount validation while processing the user command in Snapdragon Auto
Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Possible buffer overflow due to improper validation of index value while processing the plugin block in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
Possible buffer overflow due to improper handling of negative data length while processing write request in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
Memory corruption while processing finish_sign command to pass a rsp buffer.
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.
Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto
Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption while processing the IOCTL FM HCI WRITE request.
Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.
Improper buffer initialization on the backend driver can lead to buffer overflow in Snapdragon Auto
Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.
Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'
QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.
Initial xbl_sec revision does not have all the debug policy features and critical checks.
Memory corruption when kernel driver attempts to trigger hardware fences.
Memory corruption while handling user packets during VBO bind operation.
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.
Memory corruption when the IOCTL call is interrupted by a signal.
Memory corruption while releasing shared resources in MinkSocket listener thread.
Memory corruption in Kernel while handling GPU operations.
Memory corruption while processing graphics kernel driver request to create DMA fence.
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.
Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.
Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.
Memory corruption when there is failed unmap operation in GPU.
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.
Memory corruption when size of buffer from previous call is used without validation or re-initialization.
Memory corruption while allocating memory for graphics.
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Possible buffer overflow due to lack of buffer length check during management frame Rx handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile
Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile
Possible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
A user with user level permission can access graphics protected region due to improper access control in register configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Possible out of bound read due to lack of length check of data length for a DIAG event in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables