Transient DOS while handling PS event when Program Service name length offset value is set to 255.

Memory corruption when Alternative Frequency offset value is set to 255.

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.

Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.

Transient DOS while processing TID-to-link mapping IE elements.

Transient DOS while parsing ESP IE from beacon/probe response frame.

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

Memory corruption during session sign renewal request calls in HLOS.

Memory corruption when keymaster operation imports a shared key.

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.

Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.

Transient DOS during music playback of ALAC content.

Information disclosure while handling beacon probe frame during scan entry generation in client side.

Information disclosure while handling beacon or probe response frame in STA.

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

Memory corruption when allocating and accessing an entry in an SMEM partition.

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

Memory corruption while processing key blob passed by the user.