Possible buffer overflow due to improper size calculation of payload received in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
Possible race condition can occur due to lack of a synchronization mechanism when the On-Device Logging node is opened twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.
Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
Memory Corruption in Core due to secure memory access by user while loading modem image.
Memory Corruption in Audio while invoking IOCTL calls from the user-space.
Memory Corruption in Audio while allocating the ion buffer during the music playback.
Memory Corruption in camera while installing a fd for a particular DMA buffer.
Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request.
Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.
Memory corruption in Audio during playback session with audio effects enabled.
Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal.
Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ).
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.
Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.
Memory corruption in Linux when the file upload API is called with parameters having large buffer.
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization.
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length.
Memory corruption in Trusted Execution Environment while calling service API with invalid address.
Memory corruption in Automotive GPU while querying a gsl memory node.
Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.
Memory Corruption due to improper validation of array index in Linux while updating adn record.
Memory Corruption in Core during syscall for Sectools Fuse comparison feature.
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
An app with non-privileged access can change global system brightness and cause undesired system behavior.
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
Memory corruption in Core Platform while printing the response buffer in log.
Memory corruption in Linux while calling system configuration APIs.
Memory corruption in Audio when ADSP sends input during record use case.
Memory corruption in RIL while trying to send apdu packet.
Improper Access to the VM resource manager can lead to Memory Corruption.
Memory corruption in Audio while validating and mapping metadata.
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.
Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM.
Memory corruption in HAB Memory management due to broad system privileges via physical address.
Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
Memory Corruption while accessing metadata in Display.
Memory corruption in Graphics while importing a file.
Memory corruption while processing a GP command response.
Memory corruption while taking snapshot when an offset variable is set by camera driver.
Lack of check of buffer length before copying can lead to buffer overflow in camera module in Small Cell SoC, Snapdragon Mobile, Snapdragon Wear in FSM9055, FSM9955, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016.
Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.
Memory corruption while calling the NPU driver APIs concurrently.
Memory corruption while submitting blob data to kernel space through IOCTL.
Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
Memory corruption while triggering commands in the PlayReady Trusted application.
Memory corruption while reading CPU state data during guest VM suspend.