Memory corruption in core due to stack-based buffer overflow
Memory corruption during the FRS UDS generation process.
Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.
Memory corruption in Audio when SSR event is triggered after music playback is stopped.
Memory corruption while triggering commands in the PlayReady Trusted application.
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
Memory corruption in Audio while processing the VOC packet data from ADSP.
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.
Memory corruption while sound model registration for voice activation with audio kernel driver.
Memory corruption while handling schedule request in Camera Request Manager(CRM) due to invalid link count in the corresponding session.
Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.
Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.
Memory corruption may occur during IO configuration processing when the IO port count is invalid.
Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check.
Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id.
Memory corruption due to configuration weakness in modem wile sending command to write protected files.
Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very large type value. in Snapdragon Auto
Memory corruption in Automotive Android OS due to improper input validation.
Memory corruption in Linux while sending DRM request.
Memory corruption in Automotive due to improper input validation.
Memory corruption may occur during communication between primary and guest VM.
Memory corruption when invalid input is passed to invoke GPU Headroom API call.
Memory corruption may occour while generating test pattern due to negative indexing of display ID.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache.
Memory corruption in TZ Secure OS while loading an app ELF.
Memory corruption in core services when Diag handler receives a command to configure event listeners.
Memory corruption in WLAN handler while processing PhyID in Tx status handler.
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.
Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.
Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
Memory corruption in Core Services while executing the command for removing a single event listener.
Memory corruption while processing audio effects.
Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.
Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, Kamorta, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Memory corruption in kernel due to improper input validation while processing ION commands in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key.
Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables
Memory Corruption in HLOS while registering for key provisioning notify.
Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto
Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music