Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.

Memory Corruption while accessing metadata in Display.

Memory corruption in Audio while validating and mapping metadata.

Memory corruption in Audio during playback session with audio effects enabled.

Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request.

Memory Corruption due to improper validation of array index in Linux while updating adn record.

Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service.

Information disclosure in Automotive multimedia due to buffer over-read.

Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length.

Memory corruption in WLAN while running doDriverCmd for an unspecific command.

Memory corruption in RIL while trying to send apdu packet.

Information disclosure in Bluetooth when an GATT packet is received due to improper input validation.

Memory corruption in Trusted Execution Environment while calling service API with invalid address.

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

Memory corruption in Automotive Android OS due to improper validation of array index.

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.