An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'
Memory corruption while processing key blob passed by the user.
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
Memory corruption during the image encoding process.
Memory corruption while processing escape code in API.
Memory corruption while handling IOCTL call from user-space to set latency level.
Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call.
Memory corruption due to improper bounds check while command handling in camera-kernel driver.
Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.
Memory Corruption in WLAN HOST while fetching TX status information.
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
Memory corruption when the captureRead QDCM command is invoked from user-space.
Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service.
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.
QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.
Initial xbl_sec revision does not have all the debug policy features and critical checks.
Memory corruption when kernel driver attempts to trigger hardware fences.
Memory corruption while handling user packets during VBO bind operation.
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.
Memory corruption when the IOCTL call is interrupted by a signal.
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
Memory corruption in Kernel while handling GPU operations.
Memory corruption while processing graphics kernel driver request to create DMA fence.
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.
Memory corruption when allocating and accessing an entry in an SMEM partition.
Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.
Memory corruption when keymaster operation imports a shared key.
Memory Corruption in SPS Application while exporting public key in sorter TA.
Memory corruption when there is failed unmap operation in GPU.
Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
Memory corruption while processing IPA statistics, when there are no active clients registered.
Memory corruption when size of buffer from previous call is used without validation or re-initialization.
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
Memory corruption when the payload received from firmware is not as per the expected protocol size.
Memory corruption when the channel ID passed by user is not validated and further used.
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
Memory corruption while allocating memory for graphics.
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image.
Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile
Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Possible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
A user with user level permission can access graphics protected region due to improper access control in register configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables