Transient DOS when processing a received frame with an excessively large authentication information element.
Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.
Memory corruption while calculating offset from partition start point.
Memory corruption when calculating oversized partition sizes without proper checks.
Memory Corruption when multiple threads simultaneously access a memory free API.
Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.
Memory corruption occurs when a secure application is launched on a device with insufficient memory.
Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.
Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.
Memory corruption when accessing resources in kernel driver.
Memory corruption while passing pages to DSP with an unaligned starting address.
Memory corruption while preprocessing IOCTLs in sensors.
Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.
Memory Corruption when multiple threads concurrently access and modify shared resources.
Memory corruption while processing identity credential operations in the trusted application.
Memory corruption while processing a secure logging command in the trusted application.
Cryptographic issue may occur while encrypting license data.
Memory corruption while handling sensor utility operations.
Memory corruption while processing a video session to set video parameters.
Memory corruption while deinitializing a HDCP session.
Memory corruption while accessing a synchronization object during concurrent operations.
Memory corruption while performing sensor register read operations.
Memory corruption while parsing clock configuration data for a specific hardware type.
Memory corruption while processing shared command buffer packet between camera userspace and kernel.
Memory corruption while handling buffer mapping operations in the cryptographic driver.
Memory corruption while processing a config call from userspace.
Information disclosure while processing a firmware event.
Transient DOS while parsing video packets received from the video firmware.
Memory Corruption when processing IOCTLs for JPEG data without verification.
Memory corruption while loading an invalid firmware in boot loader.
Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.
Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application.
Information disclosure while processing system calls with invalid parameters.
Memory corruption while routing GPR packets between user and root when handling large data packet.
Memory corruption while handling IOCTL calls to set mode.
Memory corruption while copying packets received from unix clients.
Memory corruption while processing MFC channel configuration during music playback.
Information disclosure while exposing internal TA-to-TA communication APIs to HLOS
Memory corruption during video playback when video session open fails with time out error.
Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.
Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing.
Memory corruption while accessing a buffer during IOCTL processing.
Memory corruption while processing large input data from a remote source via a communication interface.
Information disclosure while processing message from client with invalid payload.
Memory corruption when triggering a subsystem crash with an out-of-range identifier.
Memory corruption while processing client message during device management.
Information Disclosure when a user-level driver performs QFPROM read or write operations on Fuse regions.