Memory corruption while calling the NPU driver APIs concurrently.

Memory corruption may occur while validating ports and channels in Audio driver.

While processing the authentication message in UE, improper authentication may lead to information disclosure.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

Memory corruption while processing GPU page table switch.

Memory corruption while processing voice packet with arbitrary data received from ADSP.

Memory corruption while processing IOCTL calls to unmap the buffers.

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

Memory corruption while processing key blob passed by the user.

Transient DOS while loading the TA ELF file.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

Memory corruption when the payload received from firmware is not as per the expected protocol size.

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

Memory corruption when there is failed unmap operation in GPU.

Memory corruption while processing finish_sign command to pass a rsp buffer.

Memory corruption in SPS Application while requesting for public key in sorter TA.