Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

Memory corruption while triggering commands in the PlayReady Trusted application.

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.

Memory corruption while reading secure file.

Memory corruption while calling the NPU driver APIs concurrently.

Memory corruption while processing input message passed from FE driver.

Memory corruption may occur while processing message from frontend during allocation.

Transient DOS may occur while processing the country IE.

Memory corruption may occur while validating ports and channels in Audio driver.

Transient DOS during hypervisor virtual I/O operation in a virtual machine.

Information disclosure while deriving keys for a session for any Widevine use case.

Memory corruption while configuring a Hypervisor based input virtual device.

Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

Memory corruption while processing GPU page table switch.

Memory corruption while processing voice packet with arbitrary data received from ADSP.

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.