Memory corruption while processing the IOCTL FM HCI WRITE request.
Memory corruption in HLOS while running kernel address sanitizers (syzkaller) on tmecom with DEBUG_FS enabled.
Memory corruption in Automotive Multimedia due to improper access control in HAB.
Memory corruption when IPC callback handle is used after it has been released during register callback by another thread.
Memory corruption while verifying the serialized header when the key pairs are generated.
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
Memory corruption when more scan frequency list or channels are sent from the user space.
Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render.
Memory corruption while reading ACPI config through the user mode app.
Memory corruption in HLOS while checking for the storage type.
Memory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event trigger.
Memory corruption while querying module parameters from Listen Sound model client in kernel from user space.
Memory corruption due to double free in core while initializing the encryption key.
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames.
Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id.
Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.
Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM.
Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.
Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host
Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.
Memory corruption due to improper access control in Qualcomm IPC.
Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message.
Memory corruption in Linux while sending DRM request.
Memory corruption in android core due to improper validation of array index while returning feature ids after license authentication.
Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.
Memory corruption in Linux android due to double free while calling unregister provider after register call.
Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications.
Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it.
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content.
Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video playback.
Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel. in Snapdragon Mobile
Memory corruption due to use after free in trusted application environment.
An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'
Memory corruption occurs during an Escape call if an invalid Kernel Mode CPU event and sync object handle are passed with the DriverKnownEscape flag reset.
Memory corruption while processing IOCTL from user space to handle GPU AHB bus error.
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
Memory corruption in Camera due to unusually high number of nodes passed to AXI port.
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.
Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.
Memory corruption in DSP Services during a remote call from HLOS to DSP.
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.
Memory corruption in Kernel while parsing metadata.
Memory corruption while processing finish_sign command to pass a rsp buffer.
Memory corruption in Audio while running invalid audio recording from ADSP.
Memory corruption in Audio while processing RT proxy port register driver.
Memory corruption in HLOS while invoking IOCTL calls from user-space.
Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.
Memory corruption in Audio while processing the calibration data returned from ACDB loader.