Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

Memory corruption while reading secure file.

Memory corruption while calling the NPU driver APIs concurrently.

Transient DOS may occur while processing the country IE.

Memory corruption in display driver while detaching a device.

Memory corruption may occur while validating ports and channels in Audio driver.

Information disclosure while deriving keys for a session for any Widevine use case.

Information disclosure while parsing the OCI IE with invalid length.

Memory corruption while power-up or power-down sequence of the camera sensor.

Memory corruption can occur in the camera when an invalid CID is used.

Memory corruption while processing IPA statistics, when there are no active clients registered.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

Possible out of bound access in audio module due to lack of validation of user provided input.

Memory corruption during GNSS HAL process initialization.

Memory corruption while processing voice packet with arbitrary data received from ADSP.

Memory corruption while handling session errors from firmware.

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Memory corruption while processing IOCTL call for getting group info.