Memory corruption during GNSS HAL process initialization.

Memory corruption while processing GPU page table switch.

Memory corruption while processing voice packet with arbitrary data received from ADSP.

Memory corruption while processing GPU commands.

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.

Memory corruption while handling session errors from firmware.

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Transient DOS while processing the CU information from RNR IE.

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.

Memory corruption while maintaining memory maps of HLOS memory.

Memory corruption while processing user packets to generate page faults.

Transient DOS while parsing probe response and assoc response frame.

Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.

Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call.

Memory corruption during the network scan request.

Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file.

Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.

Memory corruption while processing IOCTL call for getting group info.