Memory Corruption when handling power management requests with improperly sized input/output buffers.
Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.
Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.
Memory Corruption when retrieving output buffer with insufficient size validation.
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
Cryptographic issue while copying data to a destination buffer without validating its size.
Memory corruption when decoding corrupted satellite data files with invalid signature offsets.
Memory corruption while processing a frame request from user.
Memory corruption while preprocessing IOCTL request in JPEG driver.
Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.
Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling.
Memory corruption while using alignments for memory allocation.
Memory Corruption when processing invalid user address with nonstandard buffer address.
Memory Corruption when adding user-supplied data without checking available buffer space.
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.
Memory Corruption when accessing trusted execution environment without proper privilege check.
Transient DOS when MAC configures config id greater than supported maximum value.
Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.
Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.
Memory corruption while handling different IOCTL calls from the user-space simultaneously.
Memory Corruption when accessing buffers with invalid length during TA invocation.
Transient DOS when an LTE RLC packet with invalid TB is received by UE.
Transient DOS when processing a received frame with an excessively large authentication information element.
Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.
Memory corruption while calculating offset from partition start point.
Memory corruption when calculating oversized partition sizes without proper checks.
Memory Corruption when multiple threads simultaneously access a memory free API.
Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.
Memory corruption occurs when a secure application is launched on a device with insufficient memory.
Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.
Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.
Memory corruption when accessing resources in kernel driver.
Memory corruption while passing pages to DSP with an unaligned starting address.
Memory corruption while preprocessing IOCTLs in sensors.
Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.
Memory Corruption when multiple threads concurrently access and modify shared resources.
Memory corruption while processing identity credential operations in the trusted application.