Home › Vendors › Qualcomm › Qcs4490 FirmwareQualcomm Qcs4490 Firmware — known CVE vulnerabilities Every CVE whose affected-product data names Qualcomm Qcs4490 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200) CVE-2025-27034 — CVSS 9.8 (critical) : Memory corruption while selecting the PLMN from SOR failed list.CVE-2023-33025 — CVSS 9.8 (critical) : Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call.CVE-2023-33028 — CVSS 9.8 (critical) : Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.CVE-2025-21483 — CVSS 9.8 (critical) : Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.CVE-2023-22388 — CVSS 9.8 (critical) : Memory Corruption in Multi-mode Call Processor while processing bit mask API.CVE-2023-24855 — CVSS 9.8 (critical) : Memory corruption in Modem while processing security related configuration before AS Security Exchange.CVE-2023-28582 — CVSS 9.8 (critical) : Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake.CVE-2023-33072 — CVSS 9.3 (critical) : Memory corruption in Core while processing control functions.CVE-2023-43556 — CVSS 9.3 (critical) : Memory corruption in Hypervisor when platform information mentioned is not aligned.CVE-2023-28578 — CVSS 9.3 (critical) : Memory corruption in Core Services while executing the command for removing a single event listener.CVE-2023-33030 — CVSS 9.3 (critical) : Memory corruption in HLOS while running playready use-case.CVE-2023-43551 — CVSS 9.1 (critical) : Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send…CVE-2025-21450 — CVSS 9.1 (critical) : Cryptographic issue occurs due to use of insecure connection method while downloading.CVE-2023-28540 — CVSS 9.1 (critical) : Cryptographic issue in Data Modem due to improper authentication during TLS handshake.CVE-2023-33054 — CVSS 9.1 (critical) : Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.CVE-2023-28574 — CVSS 9.0 (critical) : Memory corruption in core services when Diag handler receives a command to configure event listeners.CVE-2025-47392 — CVSS 8.8 (high) : Memory corruption when decoding corrupted satellite data files with invalid signature offsets.CVE-2023-21673 — CVSS 8.7 (high) : Improper Access to the VM resource manager can lead to Memory Corruption.CVE-2025-21479 — CVSS 8.6 (high) — actively exploited : Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.CVE-2025-21480 — CVSS 8.6 (high) — actively exploited : Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.CVE-2024-23351 — CVSS 8.4 (high) : Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.CVE-2024-23372 — CVSS 8.4 (high) : Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.CVE-2023-33029 — CVSS 8.4 (high) : Memory corruption in DSP Service during a remote call from HLOS to DSP.CVE-2023-33033 — CVSS 8.4 (high) : Memory corruption in Audio during playback with speaker protection.CVE-2024-23354 — CVSS 8.4 (high) : Memory corruption when the IOCTL call is interrupted by a signal.CVE-2024-23373 — CVSS 8.4 (high) : Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.CVE-2024-21471 — CVSS 8.4 (high) : Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.CVE-2024-21464 — CVSS 8.4 (high) : Memory corruption while processing IPA statistics, when there are no active clients registered.CVE-2024-21461 — CVSS 8.4 (high) : Memory corruption while performing finish HMAC operation when context is freed by keymaster.CVE-2023-43531 — CVSS 8.4 (high) : Memory corruption while verifying the serialized header when the key pairs are generated.CVE-2023-33066 — CVSS 8.4 (high) : Memory corruption in Audio while processing RT proxy port register driver.CVE-2023-33113 — CVSS 8.4 (high) : Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.CVE-2023-33107 — CVSS 8.4 (high) — actively exploited : Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.CVE-2023-33106 — CVSS 8.4 (high) — actively exploited : Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.CVE-2023-33092 — CVSS 8.4 (high) : Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.CVE-2023-33088 — CVSS 8.4 (high) : Memory corruption when processing cmd parameters while parsing vdev.CVE-2023-24852 — CVSS 8.4 (high) : Memory Corruption in Core due to secure memory access by user while loading modem image.CVE-2023-24853 — CVSS 8.4 (high) : Memory Corruption in HLOS while registering for key provisioning notify.CVE-2023-28547 — CVSS 8.4 (high) : Memory corruption in SPS Application while requesting for public key in sorter TA.CVE-2023-21628 — CVSS 8.4 (high) : Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.CVE-2022-33275 — CVSS 8.4 (high) : Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.CVE-2024-33060 — CVSS 8.4 (high) : Memory corruption when two threads try to map and unmap a single node simultaneously.CVE-2024-33056 — CVSS 8.4 (high) : Memory corruption when allocating and accessing an entry in an SMEM partition continuously.CVE-2024-33045 — CVSS 8.4 (high) : Memory corruption when BTFM client sends new messages over Slimbus to ADSP.CVE-2024-33035 — CVSS 8.4 (high) : Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.CVE-2024-33034 — CVSS 8.4 (high) : Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory…CVE-2024-33023 — CVSS 8.4 (high) : Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.CVE-2022-40507 — CVSS 8.4 (high) : Memory corruption due to double free in Core while mapping HLOS address to the list.CVE-2024-23384 — CVSS 8.4 (high) : Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.CVE-2024-23382 — CVSS 8.4 (high) : Memory corruption while processing graphics kernel driver request to create DMA fence.CVE-2024-23380 — CVSS 8.4 (high) : Memory corruption while handling user packets during VBO bind operation.CVE-2023-24844 — CVSS 8.4 (high) : Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.CVE-2023-33023 — CVSS 8.4 (high) : Memory corruption while processing finish_sign command to pass a rsp buffer.CVE-2023-22385 — CVSS 8.2 (high) : Memory Corruption in Data Modem while making a MO call or MT VOLTE call.CVE-2023-28585 — CVSS 8.2 (high) : Memory corruption while loading an ELF segment in TEE Kernel.CVE-2024-23359 — CVSS 8.2 (high) : Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.CVE-2023-24849 — CVSS 8.2 (high) : Information Disclosure in data Modem while parsing an FMTP line in an SDP message.CVE-2023-24848 — CVSS 8.2 (high) : Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.CVE-2023-28545 — CVSS 8.2 (high) : Memory corruption in TZ Secure OS while loading an app ELF.CVE-2025-21484 — CVSS 8.2 (high) : Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.CVE-2024-53019 — CVSS 8.2 (high) : Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.CVE-2024-49838 — CVSS 8.2 (high) : Information disclosure while parsing the OCI IE with invalid length.CVE-2024-38408 — CVSS 8.2 (high) : Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.CVE-2025-21427 — CVSS 8.2 (high) : Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.CVE-2024-53026 — CVSS 8.2 (high) : Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.CVE-2024-53021 — CVSS 8.2 (high) : Information disclosure may occur while processing goodbye RTCP packet from network.CVE-2024-53020 — CVSS 8.2 (high) : Information disclosure may occur while decoding the RTP packet with invalid header extension from network.CVE-2023-33058 — CVSS 8.2 (high) : Information disclosure in Modem while processing SIB5.CVE-2025-21487 — CVSS 8.2 (high) : Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…CVE-2025-21488 — CVSS 8.2 (high) : Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.CVE-2023-43555 — CVSS 8.2 (high) : Information disclosure in Video while parsing mp2 clip with invalid section length.CVE-2024-53014 — CVSS 7.8 (high) : Memory corruption may occur while validating ports and channels in Audio driver.CVE-2023-21656 — CVSS 7.8 (high) : Memory corruption in WLAN HOST while receiving an WMI event from firmware.CVE-2023-21670 — CVSS 7.8 (high) : Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.CVE-2023-22386 — CVSS 7.8 (high) : Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.CVE-2023-22387 — CVSS 7.8 (high) : Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.CVE-2023-24850 — CVSS 7.8 (high) : Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.CVE-2023-24851 — CVSS 7.8 (high) : Memory Corruption in WLAN HOST while parsing QMI response message from firmware.CVE-2023-24854 — CVSS 7.8 (high) : Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.CVE-2023-28544 — CVSS 7.8 (high) : Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.CVE-2023-28546 — CVSS 7.8 (high) : Memory Corruption in SPS Application while exporting public key in sorter TA.CVE-2023-28548 — CVSS 7.8 (high) : Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.CVE-2023-28549 — CVSS 7.8 (high) : Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.CVE-2023-28550 — CVSS 7.8 (high) : Memory corruption in MPP performance while accessing DSM watermark using external memory address.CVE-2023-28551 — CVSS 7.8 (high) : Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.CVE-2023-28557 — CVSS 7.8 (high) : Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.CVE-2023-28558 — CVSS 7.8 (high) : Memory corruption in WLAN handler while processing PhyID in Tx status handler.CVE-2023-28559 — CVSS 7.8 (high) : Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.CVE-2023-28560 — CVSS 7.8 (high) : Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.CVE-2023-28564 — CVSS 7.8 (high) : Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.CVE-2023-28565 — CVSS 7.8 (high) : Memory corruption in WLAN HAL while handling command streams through WMI interfaces.CVE-2023-28567 — CVSS 7.8 (high) : Memory corruption in WLAN HAL while handling command through WMI interfaces.CVE-2023-28573 — CVSS 7.8 (high) : Memory corruption in WLAN HAL while parsing WMI command parameters.CVE-2023-28587 — CVSS 7.8 (high) : Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.CVE-2023-33017 — CVSS 7.8 (high) : Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.CVE-2023-33018 — CVSS 7.8 (high) : Memory corruption while using the UIM diag command to get the operators name.CVE-2023-33063 — CVSS 7.8 (high) — actively exploited : Memory corruption in DSP Services during a remote call from HLOS to DSP.CVE-2023-33087 — CVSS 7.8 (high) : Memory corruption in Core while processing RX intent request.CVE-2023-43513 — CVSS 7.8 (high) : Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary…CVE-2023-43542 — CVSS 7.8 (high) : Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.CVE-2023-43550 — CVSS 7.8 (high) : Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.CVE-2024-21465 — CVSS 7.8 (high) : Memory corruption while processing key blob passed by the user.CVE-2024-21475 — CVSS 7.8 (high) : Memory corruption when the payload received from firmware is not as per the expected protocol size.CVE-2024-23356 — CVSS 7.8 (high) : Memory corruption during session sign renewal request calls in HLOS.CVE-2024-23368 — CVSS 7.8 (high) : Memory corruption when allocating and accessing an entry in an SMEM partition.CVE-2024-33038 — CVSS 7.8 (high) : Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.CVE-2024-33042 — CVSS 7.8 (high) : Memory corruption when Alternative Frequency offset value is set to 255.CVE-2024-33052 — CVSS 7.8 (high) : Memory corruption when user provides data for FM HCI command control operations.CVE-2024-38402 — CVSS 7.8 (high) : Memory corruption while processing IOCTL call for getting group info.CVE-2024-38415 — CVSS 7.8 (high) : Memory corruption while handling session errors from firmware.CVE-2024-38424 — CVSS 7.8 (high) : Memory corruption during GNSS HAL process initialization.CVE-2024-45553 — CVSS 7.8 (high) : Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another…CVE-2024-45557 — CVSS 7.8 (high) : Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation.CVE-2024-49833 — CVSS 7.8 (high) : Memory corruption can occur in the camera when an invalid CID is used.CVE-2024-49834 — CVSS 7.8 (high) : Memory corruption while power-up or power-down sequence of the camera sensor.CVE-2024-53010 — CVSS 7.8 (high) : Memory corruption may occur while attaching VM when the HLOS retains access to VM.CVE-2024-53024 — CVSS 7.8 (high) : Memory corruption in display driver while detaching a device.CVE-2025-21432 — CVSS 7.8 (high) : Memory corruption while retrieving the CBOR data from TA.CVE-2025-21453 — CVSS 7.8 (high) : Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.CVE-2025-21468 — CVSS 7.8 (high) : Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character…CVE-2025-27042 — CVSS 7.8 (high) : Memory corruption while processing video packets received from video firmware.CVE-2025-27053 — CVSS 7.8 (high) : Memory corruption during PlayReady APP usecase while processing TA commands.CVE-2025-27054 — CVSS 7.8 (high) : Memory corruption while processing a malformed license file during reboot.CVE-2025-27061 — CVSS 7.8 (high) : Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.CVE-2025-47323 — CVSS 7.8 (high) : Memory corruption while routing GPR packets between user and root when handling large data packet.CVE-2025-47348 — CVSS 7.8 (high) : Memory corruption while processing identity credential operations in the trusted application.CVE-2025-47373 — CVSS 7.8 (high) : Memory Corruption when accessing buffers with invalid length during TA invocation.CVE-2025-47391 — CVSS 7.8 (high) : Memory corruption while processing a frame request from user.CVE-2025-47397 — CVSS 7.8 (high) : Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.CVE-2025-47398 — CVSS 7.8 (high) : Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.CVE-2025-59600 — CVSS 7.8 (high) : Memory Corruption when adding user-supplied data without checking available buffer space.CVE-2025-59604 — CVSS 7.8 (high) : Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.CVE-2025-59605 — CVSS 7.8 (high) : Memory Corruption when processing device identifier strings that exceed the expected maximum length.CVE-2026-21385 — CVSS 7.8 (high) — actively exploited : Memory corruption while using alignments for memory allocation.CVE-2024-45549 — CVSS 7.7 (high) : Information disclosure while creating MQ channels.CVE-2026-21367 — CVSS 7.6 (high) : Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.CVE-2023-33014 — CVSS 7.6 (high) : Information disclosure in Core services while processing a Diag command.CVE-2024-21479 — CVSS 7.5 (high) : Transient DOS during music playback of ALAC content.CVE-2023-33043 — CVSS 7.5 (high) : Transient DOS in Modem when a Beam switch request is made with a non-configured BWP.CVE-2023-33040 — CVSS 7.5 (high) : Transient DOS in Data Modem during DTLS handshake.CVE-2024-23352 — CVSS 7.5 (high) : Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.CVE-2024-23353 — CVSS 7.5 (high) : Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.CVE-2023-33044 — CVSS 7.5 (high) : Transient DOS in Data modem while handling TLB control messages from the Network.CVE-2023-33047 — CVSS 7.5 (high) : Transient DOS in WLAN Firmware while parsing no-inherit IES.CVE-2023-33049 — CVSS 7.5 (high) : Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage.CVE-2023-33057 — CVSS 7.5 (high) : Transient DOS in Multi-Mode Call Processor while processing UE policy container.CVE-2023-43536 — CVSS 7.5 (high) : Transient DOS while parse fils IE with length equal to 1.CVE-2024-23364 — CVSS 7.5 (high) : Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon…CVE-2023-43533 — CVSS 7.5 (high) : Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.CVE-2023-33027 — CVSS 7.5 (high) : Transient DOS in WLAN Firmware while parsing rsn ies.CVE-2023-33026 — CVSS 7.5 (high) : Transient DOS in WLAN Firmware while parsing a NAN management frame.CVE-2023-33015 — CVSS 7.5 (high) : Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.CVE-2023-28588 — CVSS 7.5 (high) : Transient DOS in Bluetooth Host while rfc slot allocation.CVE-2024-23385 — CVSS 7.5 (high) : Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.CVE-2024-33010 — CVSS 7.5 (high) : Transient DOS while parsing fragments of MBSSID IE from beacon frame.CVE-2024-33011 — CVSS 7.5 (high) : Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.CVE-2024-33012 — CVSS 7.5 (high) : Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.CVE-2024-33014 — CVSS 7.5 (high) : Transient DOS while parsing ESP IE from beacon/probe response frame.CVE-2024-33015 — CVSS 7.5 (high) : Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor…CVE-2023-33062 — CVSS 7.5 (high) : Transient DOS in WLAN Firmware while parsing a BTM request.CVE-2023-43529 — CVSS 7.5 (high) : Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.CVE-2023-43522 — CVSS 7.5 (high) : Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.CVE-2023-28584 — CVSS 7.5 (high) : Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA).CVE-2023-43511 — CVSS 7.5 (high) : Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next…CVE-2023-33112 — CVSS 7.5 (high) : Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.CVE-2023-33109 — CVSS 7.5 (high) : Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.CVE-2023-33080 — CVSS 7.5 (high) : Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.CVE-2023-33084 — CVSS 7.5 (high) : Transient DOS while processing IE fragments from server during DTLS handshake.CVE-2024-33050 — CVSS 7.5 (high) : Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.CVE-2024-33051 — CVSS 7.5 (high) : Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.CVE-2023-33105 — CVSS 7.5 (high) : Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence…CVE-2023-33104 — CVSS 7.5 (high) : Transient DOS while processing PDU Release command with a parameter PDU ID out of range.CVE-2023-33103 — CVSS 7.5 (high) : Transient DOS while processing CAG info IE received from NW.CVE-2023-33101 — CVSS 7.5 (high) : Transient DOS while processing DL NAS TRANSPORT message with payload length 0.CVE-2023-33100 — CVSS 7.5 (high) : Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.CVE-2023-33099 — CVSS 7.5 (high) : Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.CVE-2023-33098 — CVSS 7.5 (high) : Transient DOS while parsing WPA IES, when it is passed with length more than expected size.CVE-2023-33096 — CVSS 7.5 (high) : Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.CVE-2023-33095 — CVSS 7.5 (high) : Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.CVE-2023-33086 — CVSS 7.5 (high) : Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.CVE-2023-33089 — CVSS 7.5 (high) : Transient DOS when processing a NULL buffer while parsing WLAN vdev.CVE-2022-40504 — CVSS 7.5 (high) : Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.CVE-2022-40521 — CVSS 7.5 (high) : Transient DOS due to improper authorization in ModemCVE-2022-40536 — CVSS 7.5 (high) : Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.CVE-2023-21631 — CVSS 7.5 (high) : Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.CVE-2023-28555 — CVSS 7.5 (high) : Transient DOS in Audio while remapping channel buffer in media codec decoding.CVE-2025-21448 — CVSS 7.5 (high) : Transient DOS may occur while parsing SSID in action frames.CVE-2025-21446 — CVSS 7.5 (high) : Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.CVE-2022-34144 — CVSS 7.5 (high) : Transient DOS due to reachable assertion in Modem during OSI decode scheduling.CVE-2023-21658 — CVSS 7.5 (high) : Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.CVE-2023-24847 — CVSS 7.5 (high) : Transient DOS in Modem while allocating DSM items.CVE-2023-21661 — CVSS 7.5 (high) : Transient DOS while parsing WLAN beacon or probe-response frame.CVE-2024-53027 — CVSS 7.5 (high) : Transient DOS may occur while processing the country IE.CVE-2023-21660 — CVSS 7.5 (high) : Transient DOS in WLAN Firmware while parsing FT Information Elements.CVE-2023-21659 — CVSS 7.5 (high) : Transient DOS in WLAN Firmware while processing frames with missing header fields.CVE-2025-27066 — CVSS 7.5 (high) : Transient DOS while processing an ANQP message.CVE-2024-21469 — CVSS 7.3 (high) : Memory corruption when an invoke call and a TEE call are bound for the same trusted application.CVE-2024-21480 — CVSS 7.3 (high) : Memory corruption while playing audio file having large-sized input buffer.CVE-2023-43518 — CVSS 7.3 (high) : Memory corruption in video while parsing invalid mp2 clip.CVE-2023-43519 — CVSS 7.3 (high) : Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.