Memory corruption while triggering commands in the PlayReady Trusted application.

Memory corruption while calling the NPU driver APIs concurrently.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

Memory corruption while processing GPU page table switch.

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

Memory corruption while processing key blob passed by the user.

Transient DOS while loading the TA ELF file.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.

Memory corruption when the payload received from firmware is not as per the expected protocol size.

Memory corruption when there is failed unmap operation in GPU.

Memory corruption in SPS Application while requesting for public key in sorter TA.

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.

Memory corruption in HLOS while converting from authorization token to HIDL vector.

Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.

Memory corruption in HLOS while running playready use-case.

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

Transient DOS in Automotive OS due to improper authentication to the secure IO calls.

Memory corruption in DSP Services during a remote call from HLOS to DSP.