While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer overwrite can occur.
https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components