Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario.
Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file.
Memory corruption during the network scan request.
Memory corruption in Multimedia Framework due to unsafe access to the data members
Memory corruption in camera due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Memory corruption in display driver due to incorrect type casting while accessing the fence structure fields
Memory corruption in camera due to buffer copy without checking size of input in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables
Memory corruption in video driver due to type confusion error during video playback
Certain unprivileged processes are able to perform IOCTL calls.
Memory corruption in kernel due to improper input validation while processing ION commands in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
A race condition in fastrpc kernel driver for dynamic process creation can lead to use after free scenario in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables
Buffer Overflow while processing IOCTL for getting peripheral endpoint information there is no proper validation for input maximum endpoint pair and its size in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Possible buffer overflow due to lack of length check of source and destination buffer before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames.
Memory corruption in display due to double free while allocating frame buffer memory
Memory corruption when more scan frequency list or channels are sent from the user space.
Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
An array index is improperly used to lock and unlock a mutex which can lead to a Use After Free condition In the Synx driver in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Memory corruption in Audio while processing the calibration data returned from ACDB loader.
Memory corruption due to improper bounds check while command handling in camera-kernel driver.
Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Possible buffer overflow due to improper validation of buffer length while processing fast boot commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory Corruption when output buffer size is smaller than input buffer size during data copying operation.
Memory corruption in diagnostic services due to absence of input validation
Memory Corruption when sending random number generator command with insufficient output buffer size.
Memory corruption in windows drivers while sending incorrect trusted application request
Memory corruption can occur during context user dumps due to inadequate checks on buffer length.
Memory corruption in HLOS while converting from authorization token to HIDL vector.
Memory corruption while sending SMS from AP firmware.
Memory corruption in Audio while processing IIR config data from AFE calibration block.
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
Memory corruption while receiving a message in Bus Socket Transport Server.
Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address.
Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length.
Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache.
Memory corruption while processing audio effects.
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.
Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ).
Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.
Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.
Memory corruption in Linux while calling system configuration APIs.
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization.
Memory corruption in RIL while trying to send apdu packet.
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.