3 matches found
CVE-2025-2857
Following the recent Chrome sandbox escape CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was...
Design/Logic Flaw
While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occur if modem SSR occurs at same time in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009,...
CVE-2019-10548
CVE-2019-10548 is a heap use-after-free in the datad IPC handle during DPL initialization that can occur if modem SSR happens concurrently, reported for Snapdragon Auto/Compute/IoT/Wearables platforms (list of affected SoCs). The issue is documented with CVSS v2/v3 scores (7.2/7.8, HIGH) and LOCA...