Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.
Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output buffer.
Memory corruption while running VK synchronization with KASAN enabled.
Memory corruption in Audio when SSR event is triggered after music playback is stopped.
Memory corruption while processing message content in eAVB.
Memory corruption while prociesing command buffer buffer in OPE module.
Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.
Memory corruption when programming registers through virtual CDM.
Memory corruption while processing finish_sign command to pass a rsp buffer.
Memory corruption occurs when handling client calls to EnableTestMode through an Escape call.
Memory corruption while processing memory map or unmap IOCTL operations simultaneously.
Memory corruption during GNSS HAL process initialization.
Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.
Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.
Memory corruption while processing voice packet with arbitrary data received from ADSP.
Memory corruption while parsing the memory map info in IOCTL calls.
Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.
Memory corruption when processing cmd parameters while parsing vdev.
Memory corruption while processing IOCTL call for getting group info.
Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.
Memory corruption while processing GPU page table switch.
Memory corruption while handling session errors from firmware.
Memory corruption while handling IOCTL calls in JPEG Encoder driver.
Memory corruption while configuring a Hypervisor based input virtual device.
Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.
Memory corruption while processing user packets to generate page faults.
Memory corruption while performing private key encryption in trusted application.
Memory corruption while processing concurrent IOCTL calls.
Memory corruption while processing escape code in API.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.
Out-of-bounds memory access in Qurt kernel function when using the identifier to access Qurt kernel buffer to retrieve thread data. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.
Memory corruption in HLOS while invoking IOCTL calls from user-space.
Memory corruption when using Virtual cdm (Camera Data Mover) to write registers.
Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.
Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Memory corruption while IOCTL call is invoked from user-space to read board data.
Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Memory corruption in DSP Services during a remote call from HLOS to DSP.
Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Memory corruption while retrieving the CBOR data from TA.
Memory corruption in display due to double free while allocating frame buffer memory
Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads.
Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.
Crafted Binder Request Causes Heap UAF in MediaServer