Memory corruption while running VK synchronization with KASAN enabled.
Memory corruption in Audio when SSR event is triggered after music playback is stopped.
Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.
Memory corruption while processing memory map or unmap IOCTL operations simultaneously.
Memory corruption during GNSS HAL process initialization.
Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.
Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.
Memory corruption while processing IOCTL call for getting group info.
Memory corruption while handling session errors from firmware.
Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.
Memory corruption while processing user packets to generate page faults.
Memory corruption while processing concurrent IOCTL calls.
Memory corruption while processing command in Glink linux.
Memory corruption in DSP Services during a remote call from HLOS to DSP.
Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads.
Crafted Binder Request Causes Heap UAF in MediaServer
Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Memory corruption during voice activation, when sound model parameters are loaded from HLOS, and the received sound model list is empty in HLOS drive.
Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile
Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.
Memory corruption while processing IOCTL calls to unmap the buffers.
Memory corruption while processing commands from A2dp sink command queue.
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
Memory corruption when two threads try to map and unmap a single node simultaneously.
Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
Memory corruption while processing frame command IOCTL calls.
Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.
Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.
Memory corruption in Automotive Display while destroying the image handle created using connected display driver.
Memory corruption in Graphics while processing user packets for command submission.
Memory corruption in DSP Service during a remote call from HLOS to DSP.
In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used.
Memory corruption when the IOCTL call is interrupted by a signal.
Memory corruption while processing graphics kernel driver request to create DMA fence.
Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile
Memory corruption when kernel driver attempts to trigger hardware fences.
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.
Memory corruption in graphics support layer due to use after free condition in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.
Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.
Memory Corruption in Audio while invoking IOCTLs calls from the user-space.
Memory Corruption in camera while installing a fd for a particular DMA buffer.
Memory corruption when there is failed unmap operation in GPU.
Possible race condition can occur due to lack of synchronization mechanism when On-Device Logging node open twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking