Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

Memory corruption in Audio during playback with speaker protection.

Memory corruption in HLOS while running playready use-case.

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

Memory corruption while using the UIM diag command to get the operators name.

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

Memory corruption in Audio while processing the VOC packet data from ADSP.

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

Memory Corruption in WLAN HOST while fetching TX status information.

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

Transient DOS due to improper authorization in Modem

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.