Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
Memory corruption while processing IOCTL calls for escape operations.
Memory corruption while processing multiple IOCTL command for escape operations.
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
Memory Corruption when retrieving output buffer with insufficient size validation.
Memory corruption while IOCTL call is invoked from user-space to read board data.
Memory corruption when another driver calls an IOCTL with invalid input/output buffer.
Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.
Memory corruption while accessing a buffer during IOCTL processing.
In the Linux kernel, the following vulnerability has been resolved:
platform/chrome: fix memory corruption in ioctl
If "s_mem.bytes" is larger than the buffer size it leads to memory
corruption.
Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit.
Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.
Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.
Memory corruption while invoking IOCTL map buffer request from userspace.
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.
Page 1+ Next →