Transient DOS while creating NDP instance.
Transient DOS while processing a frame with malformed shared-key descriptor.
Transient DOS while processing CCCH data when NW sends data with invalid length.
Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.
Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
Transient DOS while handling beacon frames with invalid IE header length.
Memory corruption while processing data packets in diag received from Unix clients.
Memory corruption while processing manipulated payload in video firmware.
Memory corruption while processing video packets received from video firmware.
Cryptographic issue occurs due to use of insecure connection method while downloading.
Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.
Memory corruption while retrieving the CBOR data from TA.
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.
Memory corruption while operating the mailbox in Automotive.
Transient DOS while parsing per STA profile in ML IE.
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.
Memory corruption while decoding of OTA messages from T3448 IE.
Memory corruption during the FRS UDS generation process.
Memory corruption while triggering commands in the PlayReady Trusted application.
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
Memory corruption while reading secure file.
Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation.
Memory corruption while calling the NPU driver APIs concurrently.
Transient DOS may occur while processing the country IE.
Memory corruption may occur while accessing a variable during extended back to back tests.
Memory corruption may occur while validating ports and channels in Audio driver.
Memory corruption while processing command in Glink linux.
Transient DOS during hypervisor virtual I/O operation in a virtual machine.
Information disclosure while deriving keys for a session for any Widevine use case.
While processing the authentication message in UE, improper authentication may lead to information disclosure.
Memory corruption during management frame processing due to mismatch in T2LM info element.
Information disclosure while parsing the OCI IE with invalid length.
Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.
Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
Memory corruption while parsing the ML IE due to invalid frame content.
Memory corruption while configuring a Hypervisor based input virtual device.
Information disclosure while processing IO control commands.
Information disclosure during audio playback.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.
Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
Memory corruption during GNSS HAL process initialization.
Memory corruption while processing voice packet with arbitrary data received from ADSP.
Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.