Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

While processing the authentication message in UE, improper authentication may lead to information disclosure.

Memory corruption while parsing the memory map info in IOCTL calls.

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

Memory corruption while processing GPU page table switch.

Memory corruption while processing voice packet with arbitrary data received from ADSP.

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

Transient DOS while parsing ESP IE from beacon/probe response frame.

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

Information disclosure while handling beacon or probe response frame in STA.

Memory corruption when allocating and accessing an entry in an SMEM partition.

Transient DOS while loading the TA ELF file.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.

Memory corruption when there is failed unmap operation in GPU.

Memory corruption while processing finish_sign command to pass a rsp buffer.