Memory corruption while validating number of devices in Camera kernel .
Memory corruption occurs when invoking any IOCTL-calling application that executes all MCDM driver IOCTL calls.
Memory corruption while acquire and update IOCTLs during IFE output resource ID validation.
Memory corruption in camera due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto
Possible buffer overflow due to improper validation of array index while processing external DIAG command in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption may occur while validating ports and channels in Audio driver.
Memory corruption while operating the mailbox in Automotive.
Memory corruption while power-up or power-down sequence of the camera sensor.
Memory corruption while processing IOCTL from user space to handle GPU AHB bus error.
Memory corruption in Camera due to unusually high number of nodes passed to AXI port.
Memory corruption can occur in the camera when an invalid CID is used.
Memory corruption during array access in Camera kernel due to invalid index from invalid command data.
A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996, MSM8996AU, QCA6174A, QCA9377, QCA9379, SDM439, SDM636, SDM660, SDX20, SDX24, SM8150
Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames.
Memory corruption while processing user packets to generate page faults.
Memory corruption while parsing the memory map info in IOCTL calls.
Memory corruption while processing IOCTL call for getting group info.
Memory corruption while handling IOCTL calls in JPEG Encoder driver.
Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.
Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.
Memory corruption while processing voice packet with arbitrary data received from ADSP.
Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.
Memory corruption while processing GPU commands.
Memory corruption while station LL statistic handling.
Memory corruption in core services when Diag handler receives a command to configure event listeners.
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.
Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache.
Memory Corruption in WLAN HOST while fetching TX status information.
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.
Memory corruption in Core Services while executing the command for removing a single event listener.
Memory corruption in TZ Secure OS while loading an app ELF.
Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.
Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto
kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto
Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
Memory corruption while handling session errors from firmware.
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
Memory corruption while processing frame packets.
Memory corruption while processing IOCTL call to set metainfo.
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.