CVE-2017-11076

On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.

CVE-2017-9711

Certain unprivileged processes are able to perform IOCTL calls.

CVE-2018-5852

An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'

CVE-2018-11952

An image with a version lower than the fuse version may potentially be booted lead to improper authentication.