Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.
Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW
While processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-11 a buffer overrun occurs.
Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device.
Memory corruption due to information exposure in Powerline Communication Firmware while sending different MMEs from a single, unassociated device.
Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.
Memory corruption in Linux while sending DRM request.
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
Memory corruption due to configuration weakness in modem wile sending command to write protected files.
Memory corruption in video due to configuration weakness. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.
Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check.
Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length.
In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params->entries[i].vfe_intf comes from userspace without any bounds check which could potentially result in a kernel out-of-bounds write.
Memory corruption in modem due to improper length check while copying into memory
Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables
Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface
Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables
Memory correction in modem due to buffer overwrite during coap connection
Memory corruption in kernel due to improper input validation while processing ION commands in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
Memory corruption in Core due to improper configuration in boot remapper.
Memory corruption in Bluetooth HOST due to stack-based buffer overflow when when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile
Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file.
Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto
Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote
Memory corruption when keymaster operation imports a shared key.
Memory corruption during session sign renewal request calls in HLOS.
Memory corruption in video while parsing invalid mp2 clip.
Memory corruption while processing TPC target power table in FTM TPC.
Memory corruption while processing the IOCTL FM HCI WRITE request.
Memory corruption in Automotive Multimedia due to improper access control in HAB.
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 vendor command a stack-based buffer overflow can occur.
Memory Corruption in Audio while invoking callback function in driver from ADSP.
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
Memory corruption while receiving a message in Bus Socket Transport Server.
Memory corruption in HLOS while running playready use-case.
Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.
Memory corruption in Audio when SSR event is triggered after music playback is stopped.
Memory corruption in Audio during playback with speaker protection.
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.
Memory corruption in WLAN HAL while handling command through WMI interfaces.
Memory corruption in core services when Diag handler receives a command to configure event listeners.
Memory corruption in WLAN HAL while parsing WMI command parameters.
Shared memory gets updated with invalid data and may lead to access beyond the allocated memory. in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016