Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.

Memory corruption while handling IOCTL calls in JPEG Encoder driver.

Memory corruption while taking snapshot when an offset variable is set by camera driver.

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.

Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations.

Memory corruption in DSP Services during a remote call from HLOS to DSP.

A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.