Memory corruption when the IOCTL call is interrupted by a signal.

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.

Memory corruption while playing audio file having large-sized input buffer.

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

Memory corruption when the channel ID passed by user is not validated and further used.

Memory corruption when the payload received from firmware is not as per the expected protocol size.

Memory corruption when size of buffer from previous call is used without validation or re-initialization.

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

Memory corruption while verifying the serialized header when the key pairs are generated.

Memory corruption in HLOS while checking for the storage type.

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.

Information disclosure while parsing dts header atom in Video.

Memory corruption while querying module parameters from Listen Sound model client in kernel from user space.

Memory corruption while copying the sound model data from user to kernel buffer during sound model register.

Memory corruption when the bandpass filter order received from AHAL is not within the expected range.

Memory corruption when multiple listeners are being registered with the same file descriptor.

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.

A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.