Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

Memory corruption in DSP Services during a remote call from HLOS to DSP.

Memory corruption while using the UIM diag command to get the operators name.

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

Memory corruption in Audio while processing the VOC packet data from ADSP.

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.

Memory corruption in DSP Service during a remote call from HLOS to DSP.

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

Memory corruption while allocating memory in COmxApeDec module in Audio.

Memory Corruption in Audio while playing amrwbplus clips with modified content.

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

Information disclosure in Network Services due to buffer over-read while the device receives DNS response.

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

Memory corruption due to double free in core while initializing the encryption key.

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

Memory corruption in modem due to buffer overflow while processing a PPP packet

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM