Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

Memory corruption in Audio during playback with speaker protection.

Memory corruption in HLOS while running playready use-case.

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

Memory corruption while using the UIM diag command to get the operators name.

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

Memory Corruption in SPS Application while exporting public key in sorter TA.

Memory corruption in Audio while processing the VOC packet data from ADSP.

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.

Information disclosure in IOE Firmware while handling WMI command.

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.