Memory corruption while reading the FW response from the shared queue.
Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Memory corruption while processing escape code in API.
Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.
Memory corruption while submitting blob data to kernel space though IOCTL.
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.
Memory corruption while transmitting packet mapping information with invalid header payload size.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.
Memory corruption while processing message content in eAVB.
Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
Memory corruption when programming registers through virtual CDM.
u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P
Memory corruption while using the UIM diag command to get the operators name.
Memory Corruption in Audio while invoking callback function in driver from ADSP.
Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
Memory corruption in Audio while processing IIR config data from AFE calibration block.
Memory corruption in Audio while running invalid audio recording from ADSP.
Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
Memory corruption in Automotive Display while destroying the image handle created using connected display driver.
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
Memory corruption in Audio when SSR event is triggered after music playback is stopped.
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
Memory corruption in Audio during playback with speaker protection.
Memory corruption while invoking callback function of AFE from ADSP.
Memory corruption in HLOS while converting from authorization token to HIDL vector.
Memory corruption in wearables while processing data from AON.
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.
Memory corruption while sending SMS from AP firmware.
Memory corruption while parsing the ADSP response command.
Memory corruption while receiving a message in Bus Socket Transport Server.
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.
Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.
Memory corruption in Audio while processing the calibration data returned from ACDB loader.
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.
Memory corruption while processing finish_sign command to pass a rsp buffer.
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.
Memory corruption in Audio when memory map command is executed consecutively in ADSP.