CVE-2023-43551 — CVSS 9.1 (critical): Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send…
CVE-2024-33027 — CVSS 8.4 (high): Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page…
CVE-2023-33114 — CVSS 8.4 (high): Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.
CVE-2023-43513 — CVSS 7.8 (high): Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary…
CVE-2025-47379 — CVSS 7.8 (high): Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of…
CVE-2025-27061 — CVSS 7.8 (high): Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
CVE-2023-28550 — CVSS 7.8 (high): Memory corruption in MPP performance while accessing DSM watermark using external memory address.
CVE-2023-28551 — CVSS 7.8 (high): Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
CVE-2024-45564 — CVSS 7.8 (high): Memory corruption during concurrent access to server info object due to incorrect reference count update.
CVE-2024-43067 — CVSS 7.8 (high): Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory.
CVE-2024-21475 — CVSS 7.8 (high): Memory corruption when the payload received from firmware is not as per the expected protocol size.
CVE-2023-33020 — CVSS 7.5 (high): Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.
CVE-2023-33019 — CVSS 7.5 (high): Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.
CVE-2023-21631 — CVSS 7.5 (high): Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.
CVE-2024-23353 — CVSS 7.5 (high): Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
CVE-2025-21428 — CVSS 7.5 (high): Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.
CVE-2022-33289 — CVSS 6.8 (medium): Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.
CVE-2022-33302 — CVSS 6.8 (medium): Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
CVE-2023-33067 — CVSS 6.7 (medium): Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
CVE-2023-28575 — CVSS 6.7 (medium): The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type…
CVE-2024-33032 — CVSS 6.7 (medium): Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.
CVE-2024-33036 — CVSS 6.7 (medium): Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing…
CVE-2025-47404 — CVSS 6.5 (medium): Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.
CVE-2025-59610 — CVSS 6.4 (medium): Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
CVE-2024-33067 — CVSS 6.1 (medium): Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model…
CVE-2024-33037 — CVSS 6.1 (medium): Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received…
CVE-2023-43528 — CVSS 6.1 (medium): Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this…
CVE-2023-28586 — CVSS 6.0 (medium): Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
CVE-2023-33111 — CVSS 5.5 (medium): Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration…