Memory corruption while invoking IOCTL calls in Automotive Multimedia.
Memory corruption when multiple listeners are being registered with the same file descriptor.
Memory corruption when malformed message payload is received from firmware.
Memory corruption while invoking IOCTL calls from user space for internal mem MAP and internal mem UNMAP.
Memory corruption in Automotive Multimedia due to improper access control in HAB.
Memory corruption when IPC callback handle is used after it has been released during register callback by another thread.
Memory corruption while invoking HGSL IOCTL context create.
Memory corruption while processing TPC target power table in FTM TPC.
Memory corruption may occur during communication between primary and guest VM.
Memory corruption in Core Platform while printing the response buffer in log.
Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Improper handling of multiple sessions supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile
Memory corruption while receiving a message in Bus Socket Transport Server.
Memory corruption in graphics support layer due to use after free condition in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Memory corruption in DSP Services during a remote call from HLOS to DSP.
Memory corruption in Graphics while processing user packets for command submission.
Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.
Memory corruption while running VK synchronization with KASAN enabled.
Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.
Memory corruption in HLOS while running playready use-case.
Memory corruption in DSP Service during a remote call from HLOS to DSP.
Memory corruption while parsing the ADSP response command.
Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
Memory corruption in Audio while processing RT proxy port register driver.
Memory corruption in Automotive Display while destroying the image handle created using connected display driver.
Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.
Crafted Binder Request Causes Heap UAF in MediaServer
Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.
Memory corruption in WLAN handler while processing PhyID in Tx status handler.
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
Memory corruption in core services when Diag handler receives a command to configure event listeners.
Memory corruption in Core Services while executing the command for removing a single event listener.
Memory corruption in WLAN Host while setting the PMK length in internal cache.
Memory corruption while processing audio effects.
Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
Memory corruption in WLAN HAL while handling command through WMI interfaces.
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
Possible race condition can occur due to lack of synchronization mechanism when On-Device Logging node is opened twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
Improper handling of sensor HAL structure in absence of sensor can lead to use after free in Snapdragon Auto
Possible stack overflow due to improper validation of camera name length before copying the name in VR Service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT
Improper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Possible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.