Memory corruption while processing buffer initialization, when trusted reports for certain report types are generated.
Memory corruption due to global buffer overflow when a test command uses an invalid payload type.
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing.
An unsigned integer underflow vulnerability in the IPA driver results in a buffer over-read while reading a NAT entry using the debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'.
Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service.
Memory corruption while processing an IOCTL command with an arbitrary address.
Memory corruption during the image encoding process.
Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call.
Memory corruption due to improper bounds check while command handling in camera-kernel driver.
Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.
Memory corruption while handling IOCTL call from user-space to set latency level.
Memory corruption when the captureRead QDCM command is invoked from user-space.
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
Memory corruption while processing key blob passed by the user.
Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.
Memory Corruption in WLAN HOST while fetching TX status information.
Memory corruption while processing escape code in API.
Memory corruption while handling different IOCTL calls from the user-space simultaneously.
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.
Memory Corruption when accessing trusted execution environment without proper privilege check.
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.
Memory Corruption when processing invalid user address with nonstandard buffer address.
Memory corruption while using alignments for memory allocation.
Memory corruption while processing camera TPG write request.
Memory corruption while transmitting packet mapping information with invalid header payload size.
Certain unprivileged processes are able to perform IOCTL calls.
Memory corruption while reading the FW response from the shared queue.
Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit.
Memory corruption while performing private key encryption in trusted application.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.
Memory corruption may occur due to improper access control in HAB process.
Memory corruption while IOCTL call is invoked from user-space to read board data.
Memory corruption when using Virtual cdm (Camera Data Mover) to write registers.
Memory corruption while processing memory map or unmap IOCTL operations simultaneously.
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.
Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host.
Memory corruption while processing message content in eAVB.
Memory corruption occurs when handling client calls to EnableTestMode through an Escape call.
Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads.
Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.
Memory corruption may occur while processing device IO control call for session control.
Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.
Memory corruption while processing a data structure; potential failures occur when an iterator is accessed after it has been removed.
Memory corruption while copying the result to the transmission queue in EMAC.
Possible use-after-free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130.
Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.