CVE-2022-40510 — CVSS 9.8 (critical): Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
CVE-2020-11170 — CVSS 9.8 (critical): Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in…
CVE-2021-30351 — CVSS 9.8 (critical): An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon…
CVE-2021-1976 — CVSS 9.8 (critical): A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1972 — CVSS 9.8 (critical): Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1965 — CVSS 9.8 (critical): Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute…
CVE-2022-25748 — CVSS 9.8 (critical): Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11134 — CVSS 9.8 (critical): Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup…
CVE-2022-40514 — CVSS 9.8 (critical): Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.
CVE-2021-30285 — CVSS 9.3 (critical): Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2020-11210 — CVSS 9.3 (critical): Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT…
CVE-2021-1942 — CVSS 9.3 (critical): Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-30275 — CVSS 9.3 (critical): Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Auto…
CVE-2021-30276 — CVSS 9.3 (critical): Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon…
CVE-2021-30317 — CVSS 9.3 (critical): Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdragon…
CVE-2020-11126 — CVSS 9.1 (critical): Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11275 — CVSS 9.1 (critical): Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon…
CVE-2020-11276 — CVSS 9.1 (critical): Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P…
CVE-2020-11301 — CVSS 9.1 (critical): Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon…
CVE-2020-11159 — CVSS 9.1 (critical): Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer…
CVE-2021-30339 — CVSS 9.0 (critical): Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial…
CVE-2021-1924 — CVSS 9.0 (critical): Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11269 — CVSS 8.8 (high): Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto…
CVE-2020-11258 — CVSS 8.8 (high): Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking
CVE-2020-11257 — CVSS 8.8 (high): Memory corruption due to lack of validation of pointer arguments passed to TrustZone BSP in Snapdragon Wired Infrastructure and Networking
CVE-2020-11259 — CVSS 8.8 (high): Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking
CVE-2020-11256 — CVSS 8.8 (high): Memory corruption due to lack of check of validation of pointer to buffer passed to trustzone in Snapdragon Wired Infrastructure and…
CVE-2022-33276 — CVSS 8.4 (high): Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.
CVE-2022-33275 — CVSS 8.4 (high): Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.
CVE-2021-30337 — CVSS 8.4 (high): Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto…
CVE-2021-1913 — CVSS 8.4 (high): Possible integer overflow due to improper length check while updating grace period and count record in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30335 — CVSS 8.4 (high): Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon…
CVE-2021-30288 — CVSS 8.4 (high): Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Snapdragon…
CVE-2021-1927 — CVSS 8.4 (high): Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1932 — CVSS 8.4 (high): Improper access control in trusted application environment can cause unauthorized access to CDSP or ADSP VM memory with either privilege in…
CVE-2021-30282 — CVSS 8.4 (high): Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto…
CVE-2021-30281 — CVSS 8.4 (high): Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device…
CVE-2020-11267 — CVSS 8.4 (high): Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto…
CVE-2021-30274 — CVSS 8.4 (high): Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Auto…
CVE-2021-1947 — CVSS 8.4 (high): Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon…
CVE-2020-11245 — CVSS 8.4 (high): Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon…
CVE-2021-30260 — CVSS 8.4 (high): Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist…
CVE-2022-40530 — CVSS 8.4 (high): Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.
CVE-2020-11284 — CVSS 8.4 (high): Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region…
CVE-2021-1891 — CVSS 8.4 (high): A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon…
CVE-2022-33235 — CVSS 8.2 (high): Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto…
CVE-2022-22062 — CVSS 8.2 (high): An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute…
CVE-2026-24088 — CVSS 8.2 (high): Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2021-30349 — CVSS 8.2 (high): Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto…
CVE-2021-35088 — CVSS 8.2 (high): Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon…
CVE-2020-11235 — CVSS 7.8 (high): Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon…
CVE-2021-30279 — CVSS 7.8 (high): Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute…
CVE-2020-11228 — CVSS 7.8 (high): Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto…
CVE-2020-11204 — CVSS 7.8 (high): Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters…
CVE-2021-30303 — CVSS 7.8 (high): Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11271 — CVSS 7.8 (high): Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1915 — CVSS 7.8 (high): Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11306 — CVSS 7.8 (high): Possible integer overflow in RPMB counter due to lack of length check on user provided data in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11178 — CVSS 7.8 (high): Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its…
CVE-2020-11304 — CVSS 7.8 (high): Possible out of bound read in DRM due to improper buffer length check. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2021-35069 — CVSS 7.8 (high): Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute…
CVE-2023-28550 — CVSS 7.8 (high): Memory corruption in MPP performance while accessing DSM watermark using external memory address.
CVE-2023-43542 — CVSS 7.8 (high): Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
CVE-2021-35103 — CVSS 7.8 (high): Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon…
CVE-2020-11298 — CVSS 7.8 (high): While waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers used by…
CVE-2020-11165 — CVSS 7.8 (high): Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of buffer in…
CVE-2020-11289 — CVSS 7.8 (high): Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30259 — CVSS 7.8 (high): Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1950 — CVSS 7.8 (high): Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon…
CVE-2022-33242 — CVSS 7.8 (high): Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
CVE-2020-11194 — CVSS 7.8 (high): Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon…
CVE-2020-11238 — CVSS 7.5 (high): Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11241 — CVSS 7.5 (high): Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon…
CVE-2020-11270 — CVSS 7.5 (high): Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter…
CVE-2020-11278 — CVSS 7.5 (high): Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2020-11280 — CVSS 7.5 (high): Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to…
CVE-2020-11281 — CVSS 7.5 (high): Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in…
CVE-2020-11296 — CVSS 7.5 (high): Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1887 — CVSS 7.5 (high): An assertion can be reached in the WLAN subsystem while using the Wi-Fi Fine Timing Measurement protocol in Snapdragon Wired Infrastructure…
CVE-2021-1925 — CVSS 7.5 (high): Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1937 — CVSS 7.5 (high): Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon…
CVE-2021-1938 — CVSS 7.5 (high): Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1941 — CVSS 7.5 (high): Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1943 — CVSS 7.5 (high): Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in…
CVE-2021-1945 — CVSS 7.5 (high): Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2021-1948 — CVSS 7.5 (high): Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snapdragon…
CVE-2021-1953 — CVSS 7.5 (high): Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Snapdragon…
CVE-2021-1954 — CVSS 7.5 (high): Possible buffer over read due to improper validation of data pointer while parsing FILS indication IE in Snapdragon Auto, Snapdragon…
CVE-2021-1964 — CVSS 7.5 (high): Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdragon…
CVE-2021-1971 — CVSS 7.5 (high): Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2021-1974 — CVSS 7.5 (high): Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon…
CVE-2021-1980 — CVSS 7.5 (high): Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-30302 — CVSS 7.5 (high): Improper authentication of EAP WAPI EAPOL frames from unauthenticated user can lead to information disclosure in Snapdragon Compute…
CVE-2021-30312 — CVSS 7.5 (high): Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon Compute…
CVE-2022-25667 — CVSS 7.5 (high): Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking
CVE-2022-25736 — CVSS 7.5 (high): Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute…
CVE-2022-25749 — CVSS 7.5 (high): Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-33237 — CVSS 7.5 (high): Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-33238 — CVSS 7.5 (high): Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon…
CVE-2022-33306 — CVSS 7.5 (high): Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs.
CVE-2022-40512 — CVSS 7.5 (high): Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
CVE-2023-33105 — CVSS 7.5 (high): Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence…
CVE-2020-11119 — CVSS 7.5 (high): Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto…
CVE-2023-43511 — CVSS 7.5 (high): Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next…
CVE-2024-33011 — CVSS 7.5 (high): Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
CVE-2024-33012 — CVSS 7.5 (high): Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
CVE-2024-33050 — CVSS 7.5 (high): Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
CVE-2025-21446 — CVSS 7.5 (high): Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
CVE-2021-30271 — CVSS 7.3 (high): Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto…
CVE-2021-30269 — CVSS 7.3 (high): Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30272 — CVSS 7.3 (high): Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon Auto…
CVE-2021-1909 — CVSS 7.3 (high): Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-30270 — CVSS 7.3 (high): Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon…
CVE-2020-11263 — CVSS 7.3 (high): An integer overflow due to improper check performed after the address and size passed are aligned in Snapdragon Compute, Snapdragon…
CVE-2024-21469 — CVSS 7.3 (high): Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
CVE-2020-11252 — CVSS 7.2 (high): Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Auto…
CVE-2022-40529 — CVSS 7.1 (high): Memory corruption due to improper access control in kernel while processing a mapping request from root process.
CVE-2021-1894 — CVSS 7.1 (high): Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30278 — CVSS 7.1 (high): Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1895 — CVSS 6.8 (medium): Possible integer overflow due to improper length check while flashing an image in Snapdragon Consumer IOT, Snapdragon Industrial IOT…
CVE-2021-30324 — CVSS 6.7 (medium): Possible out of bound write due to lack of boundary check for the maximum size of buffer when sending a DCI packet to remote process in…