Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Memory corruption while processing IOCTL calls to unmap the buffers.

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.

Memory corruption while processing the update SIM PB records request.

Memory corruption while parsing IPC frequency table parameters for LPLH that has size greater than expected size.

memory corruption when WiFi display APIs are invoked with large random inputs.

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.

A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.

Memory corruption while maintaining memory maps of HLOS memory.