Memory corruption when the lifetime expires for IPv6 prefix timer objects, which are created while the Netmgr daemon gets an IPv6 address.
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.
Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.
Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.
Memory corruption in WLAN HAL while parsing WMI command parameters.
Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.
Memory Corruption in SPS Application while exporting public key in sorter TA.
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name while converting ASCII string to Unicode string in function HandleMetaImgFlash.
Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.
Memory corruption due to stack-based buffer overflow in Core.
Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service.
Memory corruption in Automotive Android OS due to improper validation of array index.
Memory corruption due to improper access control in kernel while processing a mapping request from root process.
Memory corruption due to double free in Core while mapping HLOS address to the list.
Memory corruption in core due to stack-based buffer overflow.
Memory corruption due to improper validation of array index in Audio.
Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.
Memory Corruption in Core due to secure memory access by user while loading modem image.
Memory corruption in Linux Networking due to double free while handling a hyp-assign.
Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.
Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
Memory Corruption in HLOS while registering for key provisioning notify.
Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.
A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault.
Memory Corruption in Audio while allocating the ion buffer during the music playback.
Memory Corruption in Audio while invoking IOCTL calls from the user-space.
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.
Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ).
Memory corruption due to integer overflow or wraparound in Core during DDR memory assignment.
Memory Corruption in camera while installing a fd for a particular DMA buffer.
Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.
Memory corruption in android core due to improper validation of array index while returning feature ids after license authentication.
Memory corruption due to improper access control in Qualcomm IPC.
Memory corruption due to stack-based buffer overflow in core while sending command from USB of large size.
Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM.
Memory corruption due to double free in core while initializing the encryption key.
Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications.
Memory corruption in FM Host due to buffer copy without checking the size of input.
Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.
Memory corruption in core due to buffer copy without checking the size of input while processing ioctl queries.
Memory corruption due to use after free in trusted application environment.
Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segment is received via qmi http.
Memory corruption due to use after free in Core when multiple DCI clients register and deregister.
Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel in Snapdragon Mobile.
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.
Memory corruption in Audio due to use of out-of-range pointer offset while initiating a voice call session from user space with invalid session id.