Memory corruption because the ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for the copy of the user argument, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Out-of-bounds memory access while processing qpay due to not validating the length of the response buffer provided by the user, in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845
Resizing the usage table header before passing all the checks leads to the function exiting with a usage table in an invalid state when an HLOS adversary calls the function with wrong input, in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Kamorta, QCS404, QCS610, Rennell, Saipan, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130
Memory corruption while processing video packets received from video firmware.
Memory corruption during PlayReady APP usecase while processing TA commands.
Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output buffer.
Memory corruption in Audio when SSR event is triggered after music playback is stopped.
Memory corruption while processing message content in eAVB.
Memory corruption while processing command buffer in OPE module.
Memory corruption when programming registers through virtual CDM.
Memory corruption while loading an ELF segment in TEE Kernel.
Memory corruption occurs when handling client calls to EnableTestMode through an Escape call.
Memory corruption while processing memory map or unmap IOCTL operations simultaneously.
Memory corruption while running VK synchronization with KASAN enabled.
Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.
Memory corruption while processing finish_sign command to pass a rsp buffer.
Memory corruption when processing cmd parameters while parsing vdev.
Memory corruption in HLOS while invoking IOCTL calls from user-space.
Memory corruption in Audio while running invalid audio recording from ADSP.
Memory corruption in Audio while processing RT proxy port register driver.
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
Memory corruption while receiving a message in Bus Socket Transport Server.
The session index variable in PCM host voice audio driver, initialized before PCM open, accessed during event callback from ADSP and reset during PCM close, may lead to a race condition between event callback - PCM close and reset session index, causing memory corruption.
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.
Memory corruption in HLOS while running playready use-case.
Memory corruption in Audio while processing the calibration data returned from ACDB loader.
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities.
Memory corruption in Core while processing control functions.
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
Memory corruption in Audio while processing the VOC packet data from ADSP.
Memory corruption in Automotive Display while destroying the image handle created using connected display driver.
Memory corruption in Core while processing RX intent request.
Memory corruption in Graphics while processing user packets for command submission.
Memory corruption in Audio while invoking callback function in driver from ADSP.
Memory corruption in Kernel while parsing metadata.
Memory corruption in DSP Service during a remote call from HLOS to DSP.
Memory corruption in HLOS while converting from authorization token to HIDL vector.
Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.
Memory corruption while invoking callback function of AFE from ADSP.
Memory corruption while sending SMS from AP firmware.
Memory corruption while performing private key encryption in trusted application.
Memory corruption while processing escape code in API.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.
Out-of-bounds memory access in Qurt kernel function when using the identifier to access Qurt kernel buffer to retrieve thread data, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130