Memory corruption in Linux android due to double free while calling unregister provider after register call.

Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications.

Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries.

information disclosure due to cryptographic issue in Core during RPMB read request.

Assertion occurs while processing Reconfiguration message due to improper validation

Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.

Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

Memory corruption in Graphics while importing a file.

Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported.

Transient DOS due to reachable assertion in Modem during OSI decode scheduling.

Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.

Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key.

Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM.

Memory corruption due to use after free in Modem while modem initialization.

Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message.