Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Out of bound issue in WLAN driver while processing vdev responses from firmware due to lack of validation of data received from firmware in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables
Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.
Memory corruption in Audio while processing the VOC packet data from ADSP.
Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.
Memory corruption in Audio while processing RT proxy port register driver.
Memory corruption while processing frame packets.
Memory corruption in HLOS while running playready use-case.
Memory corruption while configuring a Hypervisor based input virtual device.
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.
Memory corruption while parsing the ADSP response command.
Memory Corruption in Audio while invoking callback function in driver from ADSP.
Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
Memory corruption while receiving a message in Bus Socket Transport Server.
Memory corruption in Audio during playback with speaker protection.
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.
Memory Corruption when processing invalid user address with nonstandard buffer address.
Memory corruption while processing IOCTL command when device is in power-save state.
Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine.
Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
Memory corruption while allocating memory in COmxApeDec module in Audio.
Memory corruption in WLAN HAL while parsing WMI command parameters.
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
Memory corruption when user provides data for FM HCI command control operations.
Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9205, MDM9640, MSM8996AU, QCA6574, QCS605, Qualcomm 215, SD 425, SD 427, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130
Integer overflow to buffer overflow due to lack of validation of event arguments received from firmware. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, QCN7605, QCS405, QCS605, SDA845, SDM660, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130
If a bitmap file is loaded from any un-authenticated source, there is a possibility that the bitmap can potentially cause stack buffer overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8016, APQ8096AU, APQ8098, MDM9205, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Memory corruption in TZ Secure OS while loading an app ELF.
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.
Memory corruption while taking snapshot when an offset variable is set by camera driver.
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,
Memory corruption when Alternative Frequency offset value is set to 255.
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache.
Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.
Memory corruption in Core Services while executing the command for removing a single event listener.
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
Memory corruption in WLAN HAL while handling command through WMI interfaces.
Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.
Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
Memory corruption while processing audio effects.
Memory corruption in core services when Diag handler receives a command to configure event listeners.