Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

Transient DOS due to improper authorization in Modem

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

information disclosure due to cryptographic issue in Core during RPMB read request.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in modem due to buffer overflow while processing a PPP packet

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

Memory corruption due to configuration weakness in modem wile sending command to write protected files.

Memory corruption due to stack-based buffer overflow in Core

Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data.

Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed.