Memory corruption in Audio during playback with speaker protection.

Memory corruption in Audio while processing the VOC packet data from ADSP.

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

Memory corruption in Graphics while importing a file.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

Memory corruption in modem due to buffer overflow while processing a PPP packet

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.

Information Disclosure in Graphics during GPU context switch.

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

Memory corruption due to configuration weakness in modem wile sending command to write protected files.

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.