Information disclosure while deriving keys for a session for any Widevine use case.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

Memory corruption while processing key blob passed by the user.

Transient DOS while loading the TA ELF file.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

Memory corruption while processing finish_sign command to pass a rsp buffer.

Memory corruption in SPS Application while requesting for public key in sorter TA.

Memory corruption in Audio while processing RT proxy port register driver.

Memory corruption in Core Services while executing the command for removing a single event listener.

Transient DOS while parse fils IE with length equal to 1.

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

Memory corruption in Core while processing control functions.

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

Transient DOS in WLAN Firmware while parsing a BTM request.