Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
ADSP can be compromised since it's a general-purpose CPU processing untrusted data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
Improper length check on source buffer to handle userspace data received can lead to out-of-bound access in diag handlers in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Memory Corruption in Core due to secure memory access by user while loading modem image.
While handling the vendor command there is an integer truncation issue that could yield a buffer overflow due to int data type copied to u8 data type in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, MSM8996AU, QCA6574AU, QCN7605, Rennell, SC8180X, SDM710, SDX55, SM7150, SM8150, SM8250, SXR2130
Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array index received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, IPQ8074, MDM9607, MDM9650, MSM8909, MSM8939, QCN7605, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24
Memory corruption when invalid input is passed to invoke GPU Headroom API call.
Memory corruption during voice activation, when sound model parameters are loaded from HLOS, and the received sound model list is empty in HLOS drive.
Memory corruption while processing GPU commands.
Memory corruption while invoking IOCTL calls from user-space for HGSL memory node.
Memory corruption while processing IOCTL call for getting group info.
Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.
Memory corruption while processing frame packets.
Memory corruption while maintaining memory maps of HLOS memory.
Memory corruption while processing voice packet with arbitrary data received from ADSP.
Memory corruption while handling IOCTL calls in JPEG Encoder driver.
Memory corruption during station LL statistic handling.
Memory corruption while processing GPU page table switch.
Memory corruption while processing user packets to generate page faults.
Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory.
Memory corruption while processing IOCTL calls.
Memory corruption while IOCTL is called when device is in invalid state and the WMI command buffer may be freed twice.
Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.
Memory corruption while processing API calls to NPU with invalid input.
Memory corruption in HAB Memory management due to broad system privileges via physical address.
Memory corruption in Audio when ADSP sends input during record use case.
Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.
Memory corruption in Core Platform while printing the response buffer in log.
An app with non-privileged access can change global system brightness and cause undesired system behavior.
Memory Corruption while accessing metadata in Display.
Memory corruption in Linux when the file upload API is called with parameters having large buffer.
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization.
Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal.
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
Memory Corruption due to improper validation of array index in Linux while updating adn record.
Memory corruption in Audio while validating and mapping metadata.
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
Memory corruption due to untrusted pointer dereference in automotive during system call.
Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
Memory Corruption in camera while installing a fd for a particular DMA buffer.
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.
Improper Access to the VM resource manager can lead to Memory Corruption.
Memory Corruption in Audio while playing amrwbplus clips with modified content.
Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length.
Memory Corruption in Audio while allocating the ion buffer during the music playback.
Memory corruption in WLAN while running doDriverCmd for an unspecific command.
Memory corruption in Automotive GPU while querying a gsl memory node.
Memory Corruption in Audio while invoking IOCTL calls from the user-space.
Memory corruption in RIL while trying to send apdu packet.