Memory corruption while using alignments for memory allocation.

Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.

Memory corruption while processing MFC channel configuration during music playback.

Cryptographic issue while performing RSA PKCS padding decoding.

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.

While processing the authentication message in UE, improper authentication may lead to information disclosure.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Memory corruption while processing GPU page table switch.

Memory corruption while processing voice packet with arbitrary data received from ADSP.

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

Memory corruption when there is failed unmap operation in GPU.

Memory corruption in Audio while processing RT proxy port register driver.

Memory corruption in Audio while processing the calibration data returned from ACDB loader.

Memory corruption in Audio while processing IIR config data from AFE calibration block.

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

Memory corruption in Audio during playback with speaker protection.

Memory corruption in HLOS while running playready use-case.

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

Memory corruption while using the UIM diag command to get the operators name.

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

Memory corruption in Audio while processing the VOC packet data from ADSP.

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

Transient DOS due to improper authorization in Modem

Memory corruption due to double free in Core while mapping HLOS address to the list.

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

information disclosure due to cryptographic issue in Core during RPMB read request.

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

Memory corruption in Graphics while importing a file.

Information disclosure due to buffer over-read in Modem while parsing DNS hostname.

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.

Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message.

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.

Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received.

Information disclosure due to buffer over-read in modem while reading configuration parameters.

Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header.

Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding.

Information disclosure due to buffer over-read while parsing DNS response packets in Modem.

memory corruption in modem due to improper check while calculating size of serialized CoAP message

Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message

Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface

Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call

Information disclosure in modem due to missing NULL check while reading packets received from local network

Information disclosure in modem due to buffer over-read while processing packets from DNS server

Information disclosure in modem due to improper check of IP type while processing DNS server query

Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet

Memory correction in modem due to buffer overwrite during coap connection

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

Memory corruption in modem due to buffer overflow while processing a PPP packet

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.

Information Disclosure in Graphics during GPU context switch.

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

Memory corruption due to configuration weakness in modem wile sending command to write protected files.

Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.

Information disclosure in modem due to buffer over-red while performing checksum of packet received

Denial of service in modem due to missing null check while processing TCP or UDP packets from server

Denial of service in modem due to missing null check while processing IP packets with padding

Denial of service in modem due to null pointer dereference while processing DNS packets

Information disclosure in modem due to buffer over read in dns client due to missing length check

Information disclosure in modem due to buffer over-read while processing response from DNS server

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content.

Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables