Out of bound access due to lack of check of whiltelist array size while reading the image elf segments. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130
Memory corruption in display due to double free while allocating frame buffer memory
Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'
memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.
Memory corruption while processing video packets received from video firmware.
memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
Memory corruption while performing encryption and decryption commands.
Memory corruption while processing a GP command response.
Memory corruption while processing DDI command calls.
Memory corruption while executing timestamp video decode command with large input values.
Memory corruption during PlayReady APP usecase while processing TA commands.
Memory corruption while processing event close when client process terminates abruptly.
Memory corruption while processing manipulated payload in video firmware.
Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host.
Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
Memory corruption while processing an IOCTL command with an arbitrary address.
Memory corruption during sub-system restart while processing clean-up to free up resources.
Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers.
Memory corruption while processing data packets in diag received from Unix clients.
Memory Corruption when multiple threads simultaneously access a memory free API.
Memory corruption occurs when a secure application is launched on a device with insufficient memory.
Memory corruption may occur while processing device IO control call for session control.
Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.
Memory corruption while processing message content in eAVB.
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.
Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit.
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.
Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output buffer.
Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.
Memory corruption while processing a private escape command in an event trigger.
Memory corruption while calling the NPU driver APIs concurrently.
Memory corruption while processing escape code in API.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption while transmitting packet mapping information with invalid header payload size.
Memory corruption while performing private key encryption in trusted application.
Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.
Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.
Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.
Memory corruption while retrieving the CBOR data from TA.
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
Memory corruption in Kernel while handling GPU operations.
Out of bound access in msm routing due to lack of check of size before accessing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, MDM9607, MSM8905, MSM8909W, Nicobar, QCS405, QCS605, Rennell, Saipan, SDM429W, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130
Out of bound memory access while processing TZ command handler due to improper input validation on response length received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MDM9150, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDM850, SXR2130
The size of a buffer is determined by addition and multiplications operations that have the potential to overflow due to lack of bound check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, Rennell, SC8180X, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Privilege escalation by using an altered debug policy image can occur as the XPU protecting the debug policy regions are disabled during the crash dump boot flow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018