Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.

Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.

Memory Corruption in Core Platform while printing the response buffer in log.

Memory Corruption while accessing metadata in Display.

Memory corruption in Core Platform while printing the response buffer in log.

Memory corruption in Audio while validating and mapping metadata.

Memory corruption in Audio during playback session with audio effects enabled.

Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request.

Memory Corruption due to improper validation of array index in Linux while updating adn record.

Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service.

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.

Information disclosure in Automotive multimedia due to buffer over-read.

The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.

Transient DOS in Audio while remapping channel buffer in media codec decoding.

Memory corruption while allocating memory in COmxApeDec module in Audio.

Memory Corruption in Audio while playing amrwbplus clips with modified content.

Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.