Memory corruption when allocating and accessing an entry in an SMEM partition.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.

Memory corruption in Audio while processing the calibration data returned from ACDB loader.

Memory corruption in Audio while processing IIR config data from AFE calibration block.

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

Information disclosure in Audio while accessing AVCS services from ADSP payload.

Transient DOS in Audio when invoking callback function of ASM driver.

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.