In spipe drive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed.

In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

In vdsp device, there is a possible system crash due to improper input validation.This could lead to local denial of service with System execution privileges needed

In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

Incomplete cleanup for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.

Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.

In hci_server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5722.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.

In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a Camera driver can lead to a Use After Free condition.

In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock.

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, There is no synchronization between msm_vb2 buffer operations which can lead to use after free.

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition.

Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. However the client was not removed from list. Use-after-free would occur when traversing the list next time.

Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition.

Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition.

Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.

In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.

In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition.

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149879; Issue ID: MSV-4658.

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10198951; Issue ID: MSV-4503.

In monitor_hang, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09989078; Issue ID: MSV-3964.

In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10238968; Issue ID: MSV-4914.

In pda, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10127160; Issue ID: MSV-4542.

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4699.

In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10274607; Issue ID: MSV-5049.

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114835; Issue ID: MSV-4479.

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673.

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. PROCA allows a use-after-free and arbitrary code execution. The Samsung ID is SVE-2019-16132 (February 2020).

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4677.

In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.

In clkdbg, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10136671; Issue ID: MSV-4651.

In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth.

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a race condition leading to a use-after-free in MTP. The Samsung ID is SVE-2019-16520 (February 2020).