Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

Memory corruption while triggering commands in the PlayReady Trusted application.

Memory corruption while calling the NPU driver APIs concurrently.

Transient DOS may occur while processing the country IE.

Memory corruption may occur while validating ports and channels in Audio driver.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

Possible out of bound access in audio module due to lack of validation of user provided input.

Memory corruption while processing GPU page table switch.

Memory corruption while processing voice packet with arbitrary data received from ADSP.

Memory corruption when two threads try to map and unmap a single node simultaneously.

Memory corruption when user provides data for FM HCI command control operations.

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

Memory corruption when Alternative Frequency offset value is set to 255.

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.

Transient DOS while parsing ESP IE from beacon/probe response frame.

Memory corruption when allocating and accessing an entry in an SMEM partition.

Memory corruption while processing key blob passed by the user.

Transient DOS while loading the TA ELF file.