Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.

Memory corruption while reading the FW response from the shared queue.

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

Memory corruption while reading secure file.

Memory corruption while calling the NPU driver APIs concurrently.

Transient DOS may occur while processing the country IE.

Memory corruption may occur while validating ports and channels in Audio driver.

Information disclosure while deriving keys for a session for any Widevine use case.

While processing the authentication message in UE, improper authentication may lead to information disclosure.

Possible out of bound access in audio module due to lack of validation of user provided input.

Memory corruption while processing GPU page table switch.

Memory corruption while processing voice packet with arbitrary data received from ADSP.

Memory corruption while handling session errors from firmware.

Memory corruption when two threads try to map and unmap a single node simultaneously.

Memory corruption when user provides data for FM HCI command control operations.

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

Memory corruption when Alternative Frequency offset value is set to 255.

Transient DOS while parsing ESP IE from beacon/probe response frame.

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.