Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
Memory corruption during concurrent access to server info object due to incorrect reference count update.
Memory corruption while encoding JPEG format.
Memory corruption while processing command in Glink linux.
Memory corruption while handling file descriptor during listener registration/de-registration.
Possible use after free in Display due to race condition while creating an external display in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Memory corruption while processing IOCTL calls to unmap the buffers.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.
Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile in Kamorta, QCS605, Rennell, Saipan, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.
Memory corruption during GNSS HAL process initialization.
Memory corruption while processing concurrent IOCTL calls.
Memory corruption while parsing the memory map info in IOCTL calls.
Memory corruption while handling IOCTL calls in JPEG Encoder driver.
Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.
Memory corruption while processing voice packet with arbitrary data received from ADSP.
Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.
Memory corruption while station LL statistic handling.
Memory corruption in core services when Diag handler receives a command to configure event listeners.
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.
Memory corruption in WLAN handler while processing PhyID in Tx status handler.
Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.
Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache.
Memory corruption in WLAN HAL while handling command through WMI interfaces.
Memory Corruption in WLAN HOST while fetching TX status information.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.
Memory corruption in Core Services while executing the command for removing a single event listener.
Memory corruption in TZ Secure OS while loading an app ELF.
Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.
Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.
Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.
Improper input validation on input which is used as an array index will lead to an out of bounds issue while processing AP find event from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 625, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24, SM7150
Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto
Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto
memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
Memory corruption while processing frame packets.
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg.
Memory corruption while processing IOCTL call to set metainfo.