Memory corruption due to improper bounds check while command handling in camera-kernel driver.
Memory corruption while encoding JPEG format.
Memory corruption during concurrent buffer access due to modification of the reference count.
Memory corruption when blob structure is modified by user-space after kernel verification.
Memory corruption during concurrent access to server info object due to incorrect reference count update.
Memory corruption while handling schedule request in Camera Request Manager(CRM) due to invalid link count in the corresponding session.
Memory corruption during concurrent access to server info object due to unprotected critical field.
Memory corruption during concurrent SSR execution due to race condition on the global maps list.
Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.
Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.
Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards.
Information disclosure while creating MQ channels.
Memory corruption while processing IOCTL calls to add route entry in the HW.
Memory corruption while accessing MSM channel map and mixer functions.
Memory corruption while invoking IOCTL map buffer request from userspace.
Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory.
Memory corruption while handling file descriptor during listener registration/de-registration.
Cryptographic issues while generating an asymmetric key pair for RKP use cases.
There may be information disclosure during memory re-allocation in TZ Secure OS.
Memory corruption while calling the NPU driver APIs concurrently.
Transient DOS may occur while processing the country IE.
Memory corruption in display driver while detaching a device.
Memory corruption may occur while accessing a variable during extended back to back tests.
Memory corruption may occur while validating ports and channels in Audio driver.
Memory corruption while processing command in Glink linux.
Transient DOS during hypervisor virtual I/O operation in a virtual machine.
While processing the authentication message in UE, improper authentication may lead to information disclosure.
Memory corruption while power-up or power-down sequence of the camera sensor.
Memory corruption in Camera due to unusually high number of nodes passed to AXI port.
Memory corruption may occour while generating test pattern due to negative indexing of display ID.
Memory corruption while handling IOCTL call from user-space to set latency level.
Memory corruption while taking a snapshot with hardware encoder due to unvalidated userspace buffer.
Memory corruption while parsing the memory map info in IOCTL calls.
Information disclosure while processing IO control commands.
Information disclosure during audio playback.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.
Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU.
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.
Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process.
Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information.
Memory corruption while processing API calls to NPU with invalid input.
Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.
Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.
Memory corruption when invalid input is passed to invoke GPU Headroom API call.
Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.
Memory corruption when multiple threads try to unregister the CVP buffer at the same time.
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.
Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.