The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.
Memory corruption while processing finish_sign command to pass a rsp buffer.
Memory corruption while using the UIM diag command to get the operators name.
Memory corruption in Automotive Display while destroying the image handle created using connected display driver.
Memory corruption while parsing the ADSP response command.
Memory corruption while running VK synchronization with KASAN enabled.
Memory corruption in HLOS while converting from authorization token to HIDL vector.
Memory corruption in HLOS while invoking IOCTL calls from user-space.
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.
Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache.
Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
Memory corruption in TZ Secure OS while loading an app ELF.
Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.
Memory corruption while allocating memory in COmxApeDec module in Audio.
Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.
Memory corruption in WLAN handler while processing PhyID in Tx status handler.
Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9205, MDM9640, MSM8996AU, QCA6574, QCS605, Qualcomm 215, SD 425, SD 427, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130
Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.
Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
Cryptographic issue in HLOS during key management.
Memory corruption while processing audio effects.
Memory corruption in Core Services while executing the command for removing a single event listener.
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address.
Improper Access Control for RPU write access from secure processor in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8098, IPQ8074, MDM9150, MDM9650, MDM9655, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCA8081, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SXR1130
Memory corruption while processing GPU commands.
Memory corruption may occur while validating ports and channels in Audio driver.
Memory corruption may occur during communication between primary and guest VM.
Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine.
Memory corruption may occur due to improper input validation in clock device.
Memory corruption while doing Escape call when user provides valid kernel address in the place of valid user buffer address.
Memory corruption while reading a value from a buffer controlled by the Guest Virtual Machine.
Memory corruption while operating the mailbox in Automotive.
Memory corruption may occur while accessing a variable during extended back to back tests.
Memory corruption while processing input message passed from FE driver.
Memory corruption in display driver while detaching a device.
Memory corruption may occur while attaching VM when the HLOS retains access to VM.
Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24
Memory corruption while power-up or power-down sequence of the camera sensor.
Memory corruption while triggering commands in the PlayReady Trusted application.
Memory corruption while reading CPU state data during guest VM suspend.
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.
Memory corruption in Camera due to unusually high number of nodes passed to AXI port.
Memory corruption while processing IOCTL from user space to handle GPU AHB bus error.