Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

Memory corruption while parsing the memory map info in IOCTL calls.

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

Memory corruption while processing GPU page table switch.

Memory corruption while processing voice packet with arbitrary data received from ADSP.

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Transient DOS while parsing ESP IE from beacon/probe response frame.

Memory corruption during session sign renewal request calls in HLOS.

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

Information disclosure while handling beacon or probe response frame in STA.

Memory corruption when allocating and accessing an entry in an SMEM partition.

Transient DOS while loading the TA ELF file.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

Memory corruption when the payload received from firmware is not as per the expected protocol size.

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.

Memory corruption when there is failed unmap operation in GPU.