Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

Memory corruption while processing key blob passed by the user.

Transient DOS while loading the TA ELF file.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

Memory corruption while processing finish_sign command to pass a rsp buffer.

Memory corruption in SPS Application while requesting for public key in sorter TA.

Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.

Memory corruption in Audio while processing RT proxy port register driver.

Memory corruption in Core Services while executing the command for removing a single event listener.

Transient DOS while parse fils IE with length equal to 1.

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.