Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.
Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit.
Memory corruption during the power-up or power-down sequence of the camera sensor.
Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.
Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.
Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.
Memory corruption in WLAN handler while processing PhyID in Tx status handler.
Memory corruption while processing a data structure: when an iterator is accessed after it has been removed, potential failures occur.
Memory corruption while processing a message when the buffer is controlled by a Guest VM and its value can be changed continuously.
Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.
Memory corruption while processing camera TPG write request.
Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.
Memory Corruption in Core due to secure memory access by user while loading modem image.
Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
Memory Corruption in HLOS while registering for key provisioning notify.
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW.
Certain unprivileged processes are able to perform IOCTL calls.
In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used.
In all Android releases from CAF using the Linux kernel, while processing a nonstandard voice SVC request that specifies a payload size that will overflow its own declared size, an out-of-bounds memory copy occurs.
Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P.
Memory Corruption in Audio while allocating the ion buffer during the music playback.
Memory Corruption in Audio while playing amrwbplus clips with modified content.
Memory Corruption in camera while installing a fd for a particular DMA buffer.
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
Memory Corruption in Audio while invoking IOCTLs calls from the user-space.
Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ).
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.
Memory corruption in Linux while calling system configuration APIs.
Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request.
Memory corruption in Audio during playback session with audio effects enabled.
Memory corruption in Graphics while importing a file.
Memory corruption in RIL while trying to send apdu packet.
Memory corruption in Core Platform while printing the response buffer in log.
Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal.
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
Memory corruption in HAB Memory management due to broad system privileges via physical address.
Improper Access to the VM resource manager can lead to Memory Corruption.
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
Memory Corruption due to improper validation of array index in Linux while updating adn record.
Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization.
Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length.
Memory corruption in Audio while validating and mapping metadata.
Memory corruption in Linux when the file upload API is called with parameters having large buffer.
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.
Memory Corruption while accessing metadata in Display.
Memory corruption in Trusted Execution Environment while calling service API with invalid address.