Information disclosure in Kernel due to indirect branch misprediction.

Transient DOS due to improper authorization in Modem

Memory corruption due to double free in Core while mapping HLOS address to the list.

Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.

Memory corruption in Linux while sending DRM request.

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

Memory corruption due to use after free in Core when multiple DCI clients register and deregister.

Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host

Memory corruption in Linux android due to double free while calling unregister provider after register call.

Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications.

Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries.

information disclosure due to cryptographic issue in Core during RPMB read request.

Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.

Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

Memory corruption in Graphics while importing a file.

Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.