Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

Memory corruption due to use after free in Modem while modem initialization.

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.

Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video playback.

Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.

Memory corruption due to double free in core while initializing the encryption key.

Memory corruption in Automotive Android OS due to improper validation of array index.

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.

Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.

Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.

Memory corruption in WLAN due to use after free

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.

Information Disclosure in Graphics during GPU context switch.

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.