Memory corruption in Audio while processing RT proxy port register driver.
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
Memory corruption in Audio during playback with speaker protection.
Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP.
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.
Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id.
Memory corruption in modem due to use of out of range pointer offset while processing qmi msg
Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM
Memory corruption may occur during IO configuration processing when the IO port count is invalid.
Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation.
Memory corruption when the payload received from firmware is not as per the expected protocol size.
Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,
Memory corruption while processing an escape call.
Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.
Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.
Memory corruption may occour while generating test pattern due to negative indexing of display ID.
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.
Memory corruption when malformed message payload is received from firmware.
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
Memory corruption in Audio while running invalid audio recording from ADSP.
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.
Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.
Memory corruption in video driver due to type confusion error during video playback
Memory corruption in Core while processing RX intent request.
Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.
Memory corruption in HLOS while invoking IOCTL calls from user-space.
Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.
Memory corruption while running VK synchronization with KASAN enabled.
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
Memory corruption in DSP Service during a remote call from HLOS to DSP.
Memory corruption while sending SMS from AP firmware.
Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.
Memory corruption in HLOS while converting from authorization token to HIDL vector.
Memory corruption in HLOS while running playready use-case.
Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities.
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
Memory corruption in Audio while processing the VOC packet data from ADSP.
Memory corruption in Graphics while processing user packets for command submission.
Memory Corruption in Audio while invoking callback function in driver from ADSP.
Memory corruption while parsing the ADSP response command.
Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
u'Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9250, MDM9628, MDM9640, MDM9650, MSM8996AU, QCS405, SDA845, SDX20, SDX20M, WCD9330
Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P
Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9205, QCM4290, QCS405, QCS410, QCS4290, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA845, SDA855, SDM1000, SDM640, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P
Use after free in camera If the threadmanager is being cleaned up while the worker thread is processing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Out of bound write while copying data using IOCTL due to lack of check of array index received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables