Memory corruption while invoking IOCTL calls to unmap the DMA buffers.
Memory corruption while configuring the SMR/S2CR register in Bypass mode.
Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
Memory corruption can occur when an arbitrary user-space app gains kernel-level privilege to modify DDR memory by corrupting the GPU page table.
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
Memory corruption when two threads try to map and unmap a single node simultaneously.
Memory corruption when user provides data for FM HCI command control operations.
Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
Memory corruption while processing IOCTL call to set metainfo.
Memory corruption when the captureRead QDCM command is invoked from user-space.
Memory corruption while processing frame command IOCTL calls.
Memory corruption when Alternative Frequency offset value is set to 255.
Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.
Memory corruption while taking snapshot when an offset variable is set by camera driver.
Memory corruption in HLOS while running kernel address sanitizers (syzkaller) on tmecom with DEBUG_FS enabled.
Memory corruption when IPC callback handle is used after it has been released during register callback by another thread.
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.
Memory corruption while handling user packets during VBO bind operation.
Memory corruption during session sign renewal request calls in HLOS.
Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.
Memory corruption when keymaster operation imports a shared key.
Memory corruption when allocating and accessing an entry in an SMEM partition.
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
Memory corruption when the IOCTL call is interrupted by a signal.
Memory corruption when size of buffer from previous call is used without validation or re-initialization.
Memory corruption while processing key blob passed by the user.
Memory corruption while allocating memory for graphics.
Memory corruption when the payload received from firmware is not as per the expected protocol size.
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
Memory corruption while processing IPA statistics, when there are no active clients registered.
Memory corruption during the secure boot process: when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image.
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.
Memory corruption when the channel ID passed by user is not validated and further used.
Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.
Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
Possible memory corruption due to lack of bound check of input index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Possible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Memory corruption during array access in Camera kernel due to invalid index from invalid command data.
Possible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Improper length check of public exponent in RSA import key function could cause memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables