Memory corruption while processing GPU page table switch.
Memory corruption while processing voice packet with arbitrary data received from ADSP.
Memory corruption while handling session errors from firmware.
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.
Memory corruption while maintaining memory maps of HLOS memory.
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
Memory corruption when two threads try to map and unmap a single node simultaneously.
Memory corruption when user provides data for FM HCI command control operations.
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
Transient DOS while handling PS event when Program Service name length offset value is set to 255.
Memory corruption when Alternative Frequency offset value is set to 255.
Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.
Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
Transient DOS while processing TID-to-link mapping IE elements.
Transient DOS while parsing ESP IE from beacon/probe response frame.
Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.
Memory corruption during session sign renewal request calls in HLOS.
Memory corruption when keymaster operation imports a shared key.
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
Transient DOS during music playback of ALAC content.
Information disclosure while handling beacon or probe response frame in STA.
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
Memory corruption when allocating and accessing an entry in an SMEM partition.
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
Memory corruption while processing key blob passed by the user.
Transient DOS while loading the TA ELF file.
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Information disclosure in Video while parsing mp2 clip with invalid section length.
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.
Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
Memory corruption while playing audio file having large-sized input buffer.
Memory corruption when the channel ID passed by user is not validated and further used.
Memory corruption when the payload received from firmware is not as per the expected protocol size.
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.
Memory corruption while verifying the serialized header when the key pairs are generated.
Memory corruption in HLOS while checking for the storage type.
Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.
Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.
Information disclosure while parsing dts header atom in Video.
Memory corruption when the bandpass filter order received from AHAL is not within the expected range.
Memory corruption when multiple listeners are being registered with the same file descriptor.
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
Memory corruption when there is failed unmap operation in GPU.
Memory corruption while processing Codec2 during v13k decoder pitch synthesis.
Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command.