Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
Transient DOS while processing multiple IKEv2 Informational Requests sent to the device from the IPsec server with different identifiers.
Denial of service while processing RTCP packets containing multiple SDES reports, because the memory for the last SDES packet is freed and the rest of the memory is leaked, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables
Transient DOS while processing IE fragments from server during DTLS handshake.
Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage.
Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
When issuing IOCTL calls to ION, a memory leak can occur due to a failure to unassign pages under certain conditions in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDX24, SDX55, SM7150, SM8150, SM8250, SXR2130
Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
An unsigned integer underflow vulnerability in the IPA driver results in a buffer over-read while reading a NAT entry using the debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'
QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.
Initial xbl_sec revision does not have all the debug policy features and critical checks.
Memory corruption when kernel driver attempts to trigger hardware fences.
Memory corruption while handling user packets during VBO bind operation.
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.
Memory corruption when the IOCTL call is interrupted by a signal.
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
Memory corruption in Kernel while handling GPU operations.
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
Memory corruption while processing graphics kernel driver request to create DMA fence.
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.
Memory corruption when allocating and accessing an entry in an SMEM partition.
Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.
Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.
Memory corruption when keymaster operation imports a shared key.
Memory Corruption in SPS Application while exporting public key in sorter TA.
Memory corruption when there is failed unmap operation in GPU.
Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions.
Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.
Memory corruption while processing key blob passed by the user.
Transient DOS while decoding the ToBeSignedMessage in Automotive Telematics.
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.
Memory corruption while processing IPA statistics, when there are no active clients registered.
Memory corruption when size of buffer from previous call is used without validation or re-initialization.
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
Memory corruption when the payload received from firmware is not as per the expected protocol size.
Transient DOS while decoding message of size that exceeds the available system memory.
Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA).
Transient DOS during music playback of ALAC content.
Memory corruption when the channel ID passed by user is not validated and further used.
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
Memory corruption while allocating memory for graphics.
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Memory corruption during the secure boot process: when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image.
Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth in Snapdragon Mobile
Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile