Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Transient DOS while processing the EHT operation IE in the received beacon frame.
Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
Information disclosure may occur while processing goodbye RTCP packet from network.
Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.
Memory corruption may occur while processing the OIS packet parser.
Memory corruption while processing I2C settings in Camera driver.
Memory corruption while processing IOCTL command to handle buffers associated with a session.
Memory corruption may occur while attaching VM when the HLOS retains access to VM.
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.
Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.
Memory corruption while reading the FW response from the shared queue.
Transient DOS while parsing per STA profile in ML IE.
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.
Memory corruption while decoding of OTA messages from T3448 IE.
Memory corruption during the FRS UDS generation process.
Memory corruption while triggering commands in the PlayReady Trusted application.
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
Memory corruption while reading secure file.
Memory corruption can occur during context user dumps due to inadequate checks on buffer length.
Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check.
Memory corruption while acquire and update IOCTLs during IFE output resource ID validation.
Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information.
Memory corruption while prociesing command buffer buffer in OPE module.
Memory corruption Camera kernel when large number of devices are attached through userspace.
Memory corruption may occur during IO configuration processing when the IO port count is invalid.
Memory corruption due to improper bounds check while command handling in camera-kernel driver.
Memory corruption while encoding JPEG format.
Memory corruption during concurrent buffer access due to modification of the reference count.
Memory corruption during concurrent access to server info object due to incorrect reference count update.
Memory corruption while handling schedule request in Camera Request Manager(CRM) due to invalid link count in the corresponding session.
Memory corruption during concurrent access to server info object due to unprotected critical field.
Memory corruption during concurrent SSR execution due to race condition on the global maps list.
Transient DOS may occur while parsing SSID in action frames.
Memory corruption while IOCTL call is invoked from user-space to read board data.
Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads.
Transient DOS may occur while parsing extended IE in beacon.
Transient DOS may occur while parsing EHT operation IE or EHT capability IE.
Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.
Memory corruption occurs when handling client calls to EnableTestMode through an Escape call.
Memory corruption while processing escape code in API.
Memory corruption while processing multiple IOCTL calls from HLOS to DSP.
Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation.