Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

Memory corruption while allocating memory in COmxApeDec module in Audio.

Memory Corruption in Audio while playing amrwbplus clips with modified content.

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

Information disclosure in Network Services due to buffer over-read while the device receives DNS response.

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

Memory Corruption in WLAN HOST while fetching TX status information.

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

Memory Corruption in Audio while allocating the ion buffer during the music playback.

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.

Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

Memory corruption due to improper access control in kernel while processing a mapping request from root process.

Information disclosure in Kernel due to indirect branch misprediction.

Memory corruption due to double free in Core while mapping HLOS address to the list.

information disclosure due to cryptographic issue in Core during RPMB read request.

Memory corruption in Graphics while importing a file.

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.