Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

Memory corruption while processing key blob passed by the user.

Transient DOS while loading the TA ELF file.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Memory corruption while processing IOCTL handler in FastRPC.

Information disclosure in Video while parsing mp2 clip with invalid section length.

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.

Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.

Memory corruption while playing audio file having large-sized input buffer.

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

Memory corruption when the channel ID passed by user is not validated and further used.

Memory corruption when the payload received from firmware is not as per the expected protocol size.

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

Memory corruption while verifying the serialized header when the key pairs are generated.

Memory corruption in HLOS while checking for the storage type.

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.

Memory corruption while allocating memory for graphics.