Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.
Memory corruption while submitting blob data to kernel space though IOCTL.
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.
Memory corruption while transmitting packet mapping information with invalid header payload size.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption may occur while processing device IO control call for session control.
Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.
Memory corruption while processing message content in eAVB.
Memory corruption occurs when handling client calls to EnableTestMode through an Escape call.
Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
Memory corruption when programming registers through virtual CDM.
u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P
Memory corruption while using the UIM diag command to get the operators name.
Memory Corruption in Audio while invoking callback function in driver from ADSP.
Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
Memory corruption in Audio while processing IIR config data from AFE calibration block.
Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
Memory corruption in Automotive Display while destroying the image handle created using connected display driver.
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
Memory corruption in Audio when SSR event is triggered after music playback is stopped.
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
Memory corruption in Audio during playback with speaker protection.
Memory corruption while invoking callback function of AFE from ADSP.
Memory corruption in Kernel while parsing metadata.
Memory corruption in HLOS while converting from authorization token to HIDL vector.
Memory corruption in wearables while processing data from AON.
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.
Memory corruption while sending SMS from AP firmware.
Memory corruption while parsing the ADSP response command.
Memory corruption while receiving a message in Bus Socket Transport Server.
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.
Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.
Memory corruption in Audio while processing the calibration data returned from ACDB loader.
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.
Memory corruption while processing finish_sign command to pass a rsp buffer.
Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.
Memory corruption in Audio when memory map command is executed consecutively in ADSP.
Memory corruption in Audio while processing the VOC packet data from ADSP.
Memory corruption when processing cmd parameters while parsing vdev.
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.
Memory corruption in DSP Service during a remote call from HLOS to DSP.
Memory corruption in Core while processing RX intent request.
Memory corruption in Core while processing control functions.