Memory Corruption when handling power management requests with improperly sized input/output buffers.

Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.

Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.

Memory Corruption when retrieving output buffer with insufficient size validation.

Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.

Cryptographic issue while copying data to a destination buffer without validating its size.

Memory corruption when decoding corrupted satellite data files with invalid signature offsets.

Memory corruption while processing a frame request from user.

Memory corruption while preprocessing IOCTL request in JPEG driver.

Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.

Memory corruption while using alignments for memory allocation.

Memory Corruption when processing invalid user address with nonstandard buffer address.

Memory Corruption when adding user-supplied data without checking available buffer space.