Author: Cyberthreat Blog

In an ioctl handler in all Qualcomm products with Android releases form CAF using the Linux kernel, if a user supplies a value too large, then an out-of-bounds read occurs.

When a control related to codec is issued from userspace in all Qualcomm products with Android release from CAF using the Linux kernel, the type casting is done to the container structure instead of the codec’s individual...

In a display driver in all Qualcomm products with Android releases from CAF using the Linux kernel, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap...

In an ioctl handler in all Qualcomm products with Android releases from CAF using the Linux kernel, several sanity checks are missing which can lead to out-of-bounds accesses.

In a sound driver in all Qualcomm products with Android releases from CAF using the Linux kernel, some variables are from userspace and values can be chosen that could result in stack overflow.