Memory corruption while allocating memory in HGSL driver.

Memory corruption while processing IOCTL call to set metainfo.

Transient DOS while parsing ESP IE from beacon/probe response frame.

Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.

Transient DOS during music playback of ALAC content.

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

Memory corruption when allocating and accessing an entry in an SMEM partition.

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

Memory corruption while processing key blob passed by the user.

Transient DOS while loading the TA ELF file.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.

Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.

Memory corruption when the payload received from firmware is not as per the expected protocol size.