Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application.
Memory corruption while maintaining memory maps of HLOS memory.
Memory corruption while processing user packets to generate page faults.
Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario.
Memory corruption while accessing a synchronization object during concurrent operations.
Memory corruption while processing memory map or unmap IOCTL operations simultaneously.
Memory corruption while processing IOCTL calls to unmap the buffers.
Memory corruption while processing a config call from userspace.
Memory corruption while processing user buffers.
Memory corruption during concurrent buffer access due to modification of the reference count.
Memory corruption while processing a frame request from user.
Memory corruption during concurrent SSR execution due to race condition on the global maps list.
Memory corruption while processing IOCTL call to get the mapping.
Memory corruption caused by missing locks and checks on the DMA fence and improper synchronization.
Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.
Memory corruption while processing packet data with exceedingly large packet.
Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.
Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.
Memory corruption occurs when a secure application is launched on a device with insufficient memory.
Memory corruption while invoking IOCTL calls to unmap the DMA buffers.
Page 1+ Next →