snapdragon_8cx_gen_3_compute_platform_firmware

Memory corruption in HLOS while running playready use-case.

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

Memory corruption while reading ACPI config through the user mode app.

Memory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event trigger.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Memory Corruption in Core due to secure memory access by user while loading modem image.

Memory corruption in TZ Secure OS while loading an app ELF.

Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.

Memory corruption while station LL statistic handling.

Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.

Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.

Memory corruption in WLAN handler while processing PhyID in Tx status handler.

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.