Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality.
Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Memory corruption when IOCTL call is invoked from user-space to read board data.
Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information.
Memory corruption while processing API calls to NPU with invalid input.
Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.
Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.
Memory corruption while station LL statistic handling.
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.
Memory corruption while handling IOCTL calls in JPEG Encoder driver.
Transient DOS while parsing BTM ML IE when per STA profile is not included.
Memory corruption while taking snapshot when an offset variable is set by camera driver.
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
Memory corruption when the captureRead QDCM command is invoked from user-space.
memory corruption when an invalid firehose patch command is invoked.
Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).
Cryptographic issue while parsing RSA keys in COBR format.
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.
Memory corruption during session sign renewal request calls in HLOS.
Memory corruption when keymaster operation imports a shared key.
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
Memory corruption while processing key blob passed by the user.
Transient DOS while loading the TA ELF file.
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Memory corruption while processing IOCTL handler in FastRPC.
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.
Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.
Memory corruption when the channel ID passed by user is not validated and further used.
Memory corruption when size of buffer from previous call is used without validation or re-initialization.
Memory corruption while verifying the serialized header when the key pairs are generated.
Memory corruption in HLOS while checking for the storage type.
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
Memory corruption while allocating memory for graphics.
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
Memory corruption while processing finish_sign command to pass a rsp buffer.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory corruption while processing TPC target power table in FTM TPC.
Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render.
Memory corruption while processing the IOCTL FM HCI WRITE request.