In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.

In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster.

In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine.

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition.

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow.

In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface.

In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection.

A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file.

In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow.

In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow.

In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access.

In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses.

When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs.

In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow.

In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a heap buffer overflow.

In a sound driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a buffer overflow.