Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

Transient DOS while parse fils IE with length equal to 1.

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

Transient DOS in WLAN Firmware while parsing a BTM request.

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

Memory corruption when processing cmd parameters while parsing vdev.

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

Information disclosure in WLAN HAL while handling command through WMI interfaces.

Information disclosure in WLAN HAL while handling the WMI state info command.

Information disclosure in IOE Firmware while handling WMI command.

Transient DOS in WLAN Firmware while parsing rsn ies.

Transient DOS in Modem while allocating DSM items.

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

Memory corruption in WLAN HAL while handling command through WMI interfaces.

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.