Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile
Incorrect pointer argument passed to trusted application (TA) could result in unintended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT
Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM.
Memory corruption while processing IOCTL calls.
Memory corruption in Graphics while importing a file.
Memory corruption in Trusted Execution Environment while calling service API with invalid address.
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization.
Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto
Out of bound memory access while processing ese transmit command due to passing Response buffer received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9607, MDM9650, MSM8909, MSM8998, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.
Memory corruption in Audio due to incorrect type cast during audio use-cases.
An unsigned integer underflow vulnerability in the IPA driver results in a buffer over-read while reading a NAT entry using the debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'
QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.
Memory corruption while unmapping the fastrpc map when two threads can free the same map in a concurrent scenario.
Initial xbl_sec revision does not have all the debug policy features and critical checks.
Memory corruption when kernel driver attempts to trigger hardware fences.
Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file.
Memory corruption while handling user packets during VBO bind operation.
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.
Memory corruption when the IOCTL call is interrupted by a signal.
Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call.
Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
Memory corruption in Kernel while handling GPU operations.
Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record.
Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.
Memory corruption when WiFi display APIs are invoked with large random inputs.
Memory corruption while processing graphics kernel driver request to create DMA fence.
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.
Memory corruption when allocating and accessing an entry in an SMEM partition.
Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.
Memory corruption when keymaster operation imports a shared key.
Memory Corruption in SPS Application while exporting public key in sorter TA.
Memory corruption when there is a failed unmap operation in GPU.
Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.
Memory corruption while processing key blob passed by the user.
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
Memory corruption while processing IPA statistics, when there are no active clients registered.
Memory corruption when size of buffer from previous call is used without validation or re-initialization.
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
Memory corruption when the payload received from firmware is not as per the expected protocol size.
Memory corruption when the channel ID passed by user is not validated and further used.
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
Memory corruption while allocating memory for graphics.
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Memory corruption during the secure boot process: when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image.
Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables