Qualcomm Qcn9012 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm Qcn9012 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2021-1965 — CVSS 9.8 (critical): Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute…
CVE-2022-40510 — CVSS 9.8 (critical): Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
CVE-2021-35104 — CVSS 9.8 (critical): Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute…
CVE-2022-22088 — CVSS 9.8 (critical): Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote
CVE-2022-25748 — CVSS 9.8 (critical): Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11134 — CVSS 9.8 (critical): Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup…
CVE-2021-1972 — CVSS 9.8 (critical): Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1976 — CVSS 9.8 (critical): A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute…
CVE-2022-40514 — CVSS 9.8 (critical): Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.
CVE-2022-33257 — CVSS 9.3 (critical): Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.
CVE-2022-33232 — CVSS 9.3 (critical): Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.
CVE-2023-21651 — CVSS 9.3 (critical): Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
CVE-2021-1942 — CVSS 9.3 (critical): Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-33288 — CVSS 9.3 (critical): Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection…
CVE-2020-11275 — CVSS 9.1 (critical): Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon…
CVE-2020-11126 — CVSS 9.1 (critical): Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11159 — CVSS 9.1 (critical): Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer…
CVE-2020-11276 — CVSS 9.1 (critical): Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P…
CVE-2020-11301 — CVSS 9.1 (critical): Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon…
CVE-2021-1924 — CVSS 9.0 (critical): Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute…
CVE-2022-25652 — CVSS 9.0 (critical): Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking
CVE-2021-30281 — CVSS 8.4 (high): Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device…
CVE-2021-1927 — CVSS 8.4 (high): Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Compute…
CVE-2024-23373 — CVSS 8.4 (high): Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
CVE-2021-30260 — CVSS 8.4 (high): Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist…
CVE-2021-30318 — CVSS 8.4 (high): Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30334 — CVSS 8.4 (high): Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30335 — CVSS 8.4 (high): Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon…
CVE-2021-30337 — CVSS 8.4 (high): Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto…
CVE-2021-35068 — CVSS 8.4 (high): Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in…
CVE-2021-35105 — CVSS 8.4 (high): Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2020-11267 — CVSS 8.4 (high): Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto…
CVE-2023-33114 — CVSS 8.4 (high): Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.
CVE-2022-25681 — CVSS 8.4 (high): Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation…
CVE-2022-25724 — CVSS 8.4 (high): Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-33275 — CVSS 8.4 (high): Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.
CVE-2022-33276 — CVSS 8.4 (high): Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.
CVE-2022-33277 — CVSS 8.4 (high): Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.
CVE-2024-53026 — CVSS 8.2 (high): Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
CVE-2022-33235 — CVSS 8.2 (high): Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto…
CVE-2022-33255 — CVSS 8.2 (high): Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device.
CVE-2024-38408 — CVSS 8.2 (high): Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
CVE-2022-33268 — CVSS 8.2 (high): Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute…
CVE-2026-24088 — CVSS 8.2 (high): Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2021-35088 — CVSS 8.2 (high): Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon…
CVE-2021-30349 — CVSS 8.2 (high): Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto…
CVE-2022-25746 — CVSS 8.1 (high): Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping.
CVE-2025-47323 — CVSS 7.8 (high): Memory corruption while routing GPR packets between user and root when handling large data packet.
CVE-2020-11204 — CVSS 7.8 (high): Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters…
CVE-2020-11235 — CVSS 7.8 (high): Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon…
CVE-2020-11289 — CVSS 7.8 (high): Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1915 — CVSS 7.8 (high): Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30303 — CVSS 7.8 (high): Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute…
CVE-2021-35069 — CVSS 7.8 (high): Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute…
CVE-2021-35103 — CVSS 7.8 (high): Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon…
CVE-2021-35129 — CVSS 7.8 (high): Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon…
CVE-2022-33242 — CVSS 7.8 (high): Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
CVE-2023-33115 — CVSS 7.8 (high): Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
CVE-2023-33117 — CVSS 7.8 (high): Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE…
CVE-2023-33118 — CVSS 7.8 (high): Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter…
CVE-2023-43513 — CVSS 7.8 (high): Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary…
CVE-2023-43542 — CVSS 7.8 (high): Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
CVE-2023-43550 — CVSS 7.8 (high): Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.
CVE-2024-45571 — CVSS 7.8 (high): Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
CVE-2025-21453 — CVSS 7.8 (high): Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
CVE-2025-21468 — CVSS 7.8 (high): Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character…
CVE-2025-21476 — CVSS 7.8 (high): Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.
CVE-2025-27061 — CVSS 7.8 (high): Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.