Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.

Transient DOS while parsing per STA profile in ML IE.

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

Memory corruption during the FRS UDS generation process.

Memory corruption while triggering commands in the PlayReady Trusted application.

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.

Memory corruption while reading secure file.

Transient DOS may occur while processing the country IE.

Memory corruption in display driver while detaching a device.

Memory corruption while processing command in Glink linux.

Transient DOS during hypervisor virtual I/O operation in a virtual machine.

Information disclosure while deriving keys for a session for any Widevine use case.

Memory corruption during management frame processing due to mismatch in T2LM info element.

Information disclosure while parsing the OCI IE with invalid length.

Memory corruption while power-up or power-down sequence of the camera sensor.

Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.

Memory corruption while parsing the ML IE due to invalid frame content.

Memory corruption while configuring a Hypervisor based input virtual device.

Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.