Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.

Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.

Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.

Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.

Memory corruption while reading the FW response from the shared queue.

Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit.

Transient DOS while parsing per STA profile in ML IE.

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

Memory corruption during the FRS UDS generation process.

Memory corruption while triggering commands in the PlayReady Trusted application.

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.

Memory corruption while reading secure file.

Memory corruption while acquire and update IOCTLs during IFE output resource ID validation.

Memory corruption while prociesing command buffer buffer in OPE module.

Memory corruption Camera kernel when large number of devices are attached through userspace.

Memory corruption may occur during IO configuration processing when the IO port count is invalid.

Memory corruption due to improper bounds check while command handling in camera-kernel driver.

Memory corruption while encoding JPEG format.

Memory corruption during concurrent access to server info object due to incorrect reference count update.