Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

Memory corruption while calling the NPU driver APIs concurrently.

Memory corruption may occur while validating ports and channels in Audio driver.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

Memory corruption while processing GPU page table switch.

Memory corruption while processing voice packet with arbitrary data received from ADSP.

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.

Transient DOS while parsing ESP IE from beacon/probe response frame.

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

Transient DOS while loading the TA ELF file.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

Memory corruption when the payload received from firmware is not as per the expected protocol size.

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

Memory corruption when there is failed unmap operation in GPU.

Transient DOS while processing DL NAS TRANSPORT message with payload length 0.