Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.

Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.

Transient DOS due to reachable assertion in Modem during OSI decode scheduling.

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.

Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.

Memory corruption due to double free in core while initializing the encryption key.

Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call

Information disclosure in modem due to improper check of IP type while processing DNS server query

Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.

Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.

Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.

Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.