Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
Memory corruption due to use after free in Core when multiple DCI clients register and deregister.
Memory corruption while sound model registration for voice activation with audio kernel driver.
Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
Memory corruption while handling schedule request in Camera Request Manager(CRM) due to invalid link count in the corresponding session.
Memory corruption during concurrent SSR execution due to race condition on the global maps list.
Memory corruption while accessing a buffer during IOCTL processing.
Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption while encoding JPEG format.
Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information.
Memory corruption while handling multuple IOCTL calls from userspace for remote invocation.
Memory corruption during concurrent access to server info object due to incorrect reference count update.
Memory corruption while handling IOCTL call from user-space to set latency level.
A race condition exists in a driver potentially leading to a use-after-free condition.
Memory Corruption when multiple threads simultaneously access a memory free API.
Memory corruption while handling different IOCTL calls from the user-space simultaneously.
Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application.
Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.
Memory corruption while deinitializing a HDCP session.
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.
Memory corruption while encoding the image data.
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.
Memory corruption while invoking remote procedure IOCTL calls.
Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check.
Memory corruption while handling repeated memory unmap requests from guest VM.
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.
Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.
Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.
Memory corruption while processing MFC channel configuration during music playback.
Memory corruption while handling IOCTL calls to set mode.
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
Memory corruption during concurrent buffer access due to modification of the reference count.
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.
Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.
Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW
Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers.
memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.
Memory corruption during sub-system restart while processing clean-up to free up resources.
Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
Memory corruption while processing the TESTPATTERNCONFIG escape path.
Memory corruption while executing timestamp video decode command with large input values.
Memory corruption while performing encryption and decryption commands.
Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.
Memory corruption while processing memory map or unmap IOCTL operations simultaneously.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption while processing commands from A2dp sink command queue.