CVE-2026-24088 — CVSS 8.2 (high): Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2025-47385 — CVSS 7.8 (high): Memory Corruption when accessing trusted execution environment without proper privilege check.
CVE-2025-47389 — CVSS 7.8 (high): Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.
CVE-2025-47407 — CVSS 7.8 (high): Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.
CVE-2025-59604 — CVSS 7.8 (high): Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.
CVE-2025-59606 — CVSS 7.8 (high): Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.
CVE-2026-24082 — CVSS 7.8 (high): Memory Corruption when copying data from a freed source while executing performance counter deselect operation.
CVE-2026-21381 — CVSS 7.6 (high): Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network…
CVE-2026-21367 — CVSS 7.6 (high): Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
CVE-2025-47378 — CVSS 7.1 (high): Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.
CVE-2026-21383 — CVSS 7.1 (high): Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to…
CVE-2026-24090 — CVSS 7.1 (high): Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow.
CVE-2025-59615 — CVSS 6.6 (medium): Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper…
CVE-2025-59616 — CVSS 6.6 (medium): Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.
CVE-2025-47403 — CVSS 6.5 (medium): Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
CVE-2025-47374 — CVSS 6.5 (medium): Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling.
CVE-2025-59610 — CVSS 6.4 (medium): Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
CVE-2026-21368 — CVSS 5.3 (medium): Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks.
CVE-2026-21370 — CVSS 5.3 (medium): Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values.
CVE-2026-21369 — CVSS 5.3 (medium): Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification.
CVE-2026-21384 — CVSS 5.3 (medium): Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits.