Magánszemélyeknek

Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.

Transient DOS while processing the EHT operation IE in the received beacon frame.

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.

Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.

Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.

memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.

Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.

In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.