In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the deb

A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel.

In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not used to indicate the size of the buffer.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace.

In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses.

In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace.

In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read.

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur.

Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory.

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later.

In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid.

In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partitio

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free.

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write.

A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file.

In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses.

Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter.

In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot feature is disabled, with length greater than boot image buffer, a buffer overflow can occur.

An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver.