Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.

Memory corruption while reading the FW response from the shared queue.

Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit.

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

Memory corruption while triggering commands in the PlayReady Trusted application.

Memory corruption while reading secure file.

Memory corruption during concurrent access to server info object due to unprotected critical field.

Memory corruption while calling the NPU driver APIs concurrently.

Transient DOS may occur while processing the country IE.

Memory corruption may occur while validating ports and channels in Audio driver.

Information disclosure while deriving keys for a session for any Widevine use case.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

Memory corruption while processing GPU page table switch.

Memory corruption while processing voice packet with arbitrary data received from ADSP.

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.

Memory corruption while handling session errors from firmware.

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Memory corruption while maintaining memory maps of HLOS memory.

Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.