A crafted system call argument can cause memory corruption.
Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
Unchecked output buffer may allowed arbitrary code execution in SMM and potentially result in SMM memory corruption.
Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.
Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.
Memory Corruption when accessing buffers with invalid length during TA invocation.
Memory Corruption when processing display command line information due to improper initialization of a variable.
memory corruption when an invalid firehose patch command is invoked.
Memory corruption while processing a frame request from user.
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may a
Memory Corruption when copying data from a freed source while executing performance counter deselect operation.
Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.
Memory corruption while performing SCM call with malformed inputs.
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
Memory corruption can occur during context user dumps due to inadequate checks on buffer length.
Memory corruption may occur while accessing a variable during extended back to back tests.
Memory corruption while invoking remote procedure IOCTL calls.
Memory Corruption when multiple threads concurrently access and modify shared resources.
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.
Page 1+ Next →