Transient DOS in WLAN Firmware while parsing FT Information Elements.

Transient DOS in WLAN Firmware while processing frames with missing header fields.

Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.

Memory corruption in WLAN HOST while receiving an WMI event from firmware.

Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.

Memory corruption due to improper access control in kernel while processing a mapping request from root process.

Information disclosure in Kernel due to indirect branch misprediction.

Memory corruption due to double free in Core while mapping HLOS address to the list.

Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.

Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.

Memory corruption due to double free in core while initializing the encryption key.

Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call

Information disclosure in modem due to improper check of IP type while processing DNS server query

Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.