An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'

An image with a version lower than the fuse version may potentially be booted lead to improper authentication.

Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.

On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.

Certain unprivileged processes are able to perform IOCTL calls.

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

Memory corruption while processing finish_sign command to pass a rsp buffer.