Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in S…

Memory corruption due to improper check to return error when user application requests memory a…

Possible use after free due to improper handling of memory mapping of multiple processes simult…

Memory corruption while using alignments for memory allocation.

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL c…

Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_K…

Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sen…

Memory corruption in DSP Services during a remote call from HLOS to DSP.

Memory corruption while maintaining memory maps of HLOS memory.

Memory corruption due to unauthorized command execution in GPU micronode while executing specif…

Transient DOS in Bluetooth Host while rfc slot allocation.

Improper handling of address deregistration on failure can lead to new GPU address allocation f…

Possible use after free when process shell memory is freed using IOCTL munmap call and process …

Use after free in graphics fence due to a race condition while closing fence file descriptor an…

Possible buffer overflow due to lack of offset length check while updating the buffer value in …

Memory corruption due to unauthorized command execution in GPU micronode while executing specif…

Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and…

Transient DOS may occur while processing the country IE.

Possible buffer overflow due to improper validation of buffer length while processing fast boot…

Memory corruption while processing user packets to generate page faults.

Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon …