Memory corruption when blob structure is modified by user-space after kernel verification.
Memory corruption while submitting blob data to kernel space though IOCTL.
Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.
Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
Memory corruption while taking a snapshot with hardware encoder due to unvalidated userspace buffer.
Memory corruption during array access in Camera kernel due to invalid index from invalid command data.
Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.
Memory corruption may occur while processing message from frontend during allocation.
Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
Memory corruption while processing user buffers.
Memory corruption occurs when a secure application is launched on a device with insufficient memory.
Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.
Memory corruption while processing frame packets.
Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.
Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations.
Memory corruption can occur during context user dumps due to inadequate checks on buffer length.
Memory corruption while reading the FW response from the shared queue.
Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application.
Memory corruption while processing shared command buffer packet between camera userspace and kernel.
Page 1+ Next →