A race condition can occur due to the lack of a synchronization mechanism when the On-Device Logging node is opened twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Memory corruption in Linux android due to double free while calling unregister provider after register call.
Memory corruption can occur during context user dumps due to inadequate checks on buffer length.
Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Memory corruption due to an improper bounds check during command handling in the camera-kernel driver.
Possible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Possible buffer overflow due to lack of length check of source and destination buffer before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.
Memory corruption while processing IOCTL calls to unmap the buffers.
Memory corruption when input parameter validation for the number of fences is missing for fence frame IOCTL calls.
Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.
Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames.
Memory corruption in Audio due to incorrect type cast during audio use-cases.
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
Memory corruption due to untrusted pointer dereference in automotive during system call.
Transient DOS due to untrusted pointer dereference in core while sending a USB QMI request.
Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.
Memory corruption while reading ACPI config through the user mode app.
Memory corruption in video while parsing invalid mp2 clip.
Memory corruption while processing DDI command calls.
Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
Memory corruption while doing an Escape call when the user provides a valid kernel address in place of a valid user buffer address.
Memory corruption occurs during an Escape call if an invalid Kernel Mode CPU event and sync object handle are passed with the DriverKnownEscape flag reset.
Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.
Windows Kernel Elevation of Privilege Vulnerability
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Windows Secure Kernel Mode Elevation of Privilege Vulnerability