Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.

Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.

Memory corruption due to double free in core while initializing the encryption key.

Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.

Memory corruption in Automotive Android OS due to improper validation of array index.

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

Transient DOS due to buffer over-read in WLAN while sending a packet to device.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.

Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.

Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.

Memory corruption in WLAN due to use after free

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.

Memory corruption in modem due to buffer overflow while processing a PPP packet

Memory corruption in modem due to use of out of range pointer offset while processing qmi msg

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM