Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
Memory corruption while copying the sound model data from user to kernel buffer during sound model register.
Memory corruption in HLOS while running kernel address sanitizers (syzkaller) on tmecom with DEBUG_FS enabled.
Memory corruption when the bandpass filter order received from AHAL is not within the expected range.
Memory corruption while querying module parameters from Listen Sound model client in kernel from user space.
Memory Corruption in Core Platform while printing the response buffer in log.
Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Improper buffer initialization on the backend driver can lead to buffer overflow in Snapdragon Auto
Memory corruption in Core while processing control functions.
Memory corruption while processing finish_sign command to pass a rsp buffer.
Memory corruption in Audio while processing IIR config data from AFE calibration block.
Memory corruption in HLOS while running playready use-case.
Memory corruption while sending SMS from AP firmware.
Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
Memory corruption in wearables while processing data from AON.
Out-of-bounds memory access in Qurt kernel function when using the identifier to access Qurt kernel buffer to retrieve thread data. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130
When a fake broadcast/multicast 11w rmf without mmie received, since no proper length check in wma_process_bip, buffer overflow will happen in both cds_is_mmie_valid and qdf_nbuf_trim_tail in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8937, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDM630, SDM636, SDM660, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache.
Memory corruption while processing audio effects.
Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length.
Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.
Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.
Improper size validation of QXDM commands can lead to memory corruption in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Memory Corruption in SPS Application while exporting public key in sorter TA.
Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, Snapdragon Compute, Snapdragon Auto, Snapdragon IOT, Snapdragon Connectivity, Snapdragon Voice & Music
Improper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.
Memory corruption in WLAN while running doDriverCmd for an unspecific command.
Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.
Memory corruption in Linux when the file upload API is called with parameters having large buffer.
Memory corruption in Core Platform while printing the response buffer in log.
Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ).
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
Possible buffer overflow due to improper validation of index value while processing the plugin block in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
Memory corruption can occur during context user dumps due to inadequate checks on buffer length.
Memory corruption while processing an IOCTL call to set mixer controls.
Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
u'Buffer overflow seen as the destination buffer size is lesser than the source buffer size in video application' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MSM8909W, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDA845, SDM429W, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
u'Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer size for the DSP attributes' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, Kamorta, Rennell, SC7180, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130
Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host
Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality.
Memory corruption when IOCTL call is invoked from user-space to read board data.
Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.