Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.

Memory corruption while configuring a Hypervisor based input virtual device.

Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.

Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.

Memory corruption while processing IOCTL call for getting group info.

Memory corruption when two threads try to map and unmap a single node simultaneously.

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.