Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.

Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.

Memory corruption in Graphics while importing a file.

Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command le

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.