Qualcomm ≫ Qcs8155 Firmware

The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.

Memory corruption in Trusted Execution Environment while calling service API with invalid address.

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.

Information disclosure in DSP Services while loading dynamic module.

Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.

Memory corruption due to improper access control in kernel while processing a mapping request from root process.

Memory corruption due to double free in Core while mapping HLOS address to the list.

Memory corruption due to use after free in Core when multiple DCI clients register and deregister.

Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries.