Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.
Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.
Memory corruption when size of buffer from previous call is used without validation or re-initialization.
Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.
Memory corruption in Automotive GPU while querying a gsl memory node.
Memory corruption while processing TPC target power table in FTM TPC.
Memory corruption in Core due to stack-based buffer overflow.
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
Memory corruption in core due to stack-based buffer overflow
Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.
Memory corruption while processing control commands in the virtual memory management interface.
Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.
Memory corruption when invalid input is passed to invoke GPU Headroom API call.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption while running VK synchronization with KASAN enabled.
Memory corruption in Audio when SSR event is triggered after music playback is stopped.
Memory corruption while prociesing command buffer buffer in OPE module.
Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.
Memory corruption while processing finish_sign command to pass a rsp buffer.
Memory corruption during GNSS HAL process initialization.
Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.
Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.
Memory corruption while processing voice packet with arbitrary data received from ADSP.
Memory corruption while parsing the memory map info in IOCTL calls.
Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.
Memory corruption when processing cmd parameters while parsing vdev.
Memory corruption while processing IOCTL call for getting group info.
Memory corruption while processing GPU page table switch.
Memory corruption while handling session errors from firmware.
Memory corruption while handling IOCTL calls in JPEG Encoder driver.
Memory corruption while configuring a Hypervisor based input virtual device.
Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.
Memory corruption while processing user packets to generate page faults.
Memory corruption while processing concurrent IOCTL calls.
Out-of-bounds memory access in Qurt kernel function when using the identifier to access Qurt kernel buffer to retrieve thread data. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
Memory corruption while processing command in Glink linux.
Memory corruption in HLOS while invoking IOCTL calls from user-space.
Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Memory corruption in DSP Services during a remote call from HLOS to DSP.
Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Memory corruption in display due to double free while allocating frame buffer memory
Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.
Crafted Binder Request Causes Heap UAF in MediaServer
Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Memory corruption in wearables while processing data from AON.
Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking
Memory corruption in display driver due to incorrect type casting while accessing the fence structure fields