CVE-2022-33288 — CVSS 9.3 (critical): Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection…
CVE-2021-35090 — CVSS 9.3 (critical): Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute…
CVE-2021-35122 — CVSS 9.3 (critical): Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdragon…
CVE-2022-33219 — CVSS 9.3 (critical): Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer.
CVE-2022-33232 — CVSS 9.3 (critical): Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.
CVE-2021-35114 — CVSS 8.4 (high): Improper buffer initialization on the backend driver can lead to buffer overflow in Snapdragon Auto
CVE-2022-33282 — CVSS 8.4 (high): Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video playback.
CVE-2022-33307 — CVSS 8.4 (high): Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.
CVE-2024-33035 — CVSS 8.4 (high): Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.
CVE-2024-33028 — CVSS 8.4 (high): Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
CVE-2023-33039 — CVSS 8.4 (high): Memory corruption in Automotive Display while destroying the image handle created using connected display driver.
CVE-2024-45555 — CVSS 8.4 (high): Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized…
CVE-2022-25681 — CVSS 8.4 (high): Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation…
CVE-2022-33210 — CVSS 8.4 (high): Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very large…
CVE-2021-35132 — CVSS 8.4 (high): Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2024-21481 — CVSS 8.4 (high): Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
CVE-2021-35115 — CVSS 8.4 (high): Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile
CVE-2022-25746 — CVSS 8.1 (high): Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping.
CVE-2023-24850 — CVSS 7.8 (high): Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
CVE-2021-1950 — CVSS 7.8 (high): Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon…
CVE-2021-35094 — CVSS 7.8 (high): Improper verification of timeout-based authentication in identity credential can lead to invalid authorization in HLOS in Snapdragon Auto…
CVE-2022-22103 — CVSS 7.8 (high): Memory corruption in multimedia driver due to double free while processing data from user in Snapdragon Auto
CVE-2022-25660 — CVSS 7.8 (high): Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial…
CVE-2022-25713 — CVSS 7.8 (high): Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key.
CVE-2022-33242 — CVSS 7.8 (high): Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
CVE-2022-33278 — CVSS 7.8 (high): Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.
CVE-2023-33046 — CVSS 7.8 (high): Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.
CVE-2023-33115 — CVSS 7.8 (high): Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
CVE-2023-43542 — CVSS 7.8 (high): Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
CVE-2024-43060 — CVSS 7.8 (high): Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP.
CVE-2024-43061 — CVSS 7.8 (high): Memory corruption during voice activation, when sound model parameters are loaded from HLOS, and the received sound model list is empty in…
CVE-2024-43067 — CVSS 7.8 (high): Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory.
CVE-2024-45564 — CVSS 7.8 (high): Memory corruption during concurrent access to server info object due to incorrect reference count update.
CVE-2025-21445 — CVSS 7.8 (high): Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host.
CVE-2025-21453 — CVSS 7.8 (high): Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
CVE-2025-21456 — CVSS 7.8 (high): Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.
CVE-2025-21460 — CVSS 7.8 (high): Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.
CVE-2025-21468 — CVSS 7.8 (high): Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character…
CVE-2025-27032 — CVSS 7.8 (high): memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
CVE-2025-27061 — CVSS 7.8 (high): Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
CVE-2025-47389 — CVSS 7.8 (high): Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.
CVE-2025-59604 — CVSS 7.8 (high): Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.
CVE-2025-59605 — CVSS 7.8 (high): Memory Corruption when processing device identifier strings that exceed the expected maximum length.
CVE-2025-59606 — CVSS 7.8 (high): Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.
CVE-2023-21652 — CVSS 7.7 (high): Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.
CVE-2024-43064 — CVSS 7.5 (high): Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU.
CVE-2024-45558 — CVSS 7.5 (high): Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE…
CVE-2024-33057 — CVSS 7.5 (high): Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the…
CVE-2025-21430 — CVSS 7.5 (high): Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.
CVE-2024-33050 — CVSS 7.5 (high): Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
CVE-2024-33049 — CVSS 7.5 (high): Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.
CVE-2024-33018 — CVSS 7.5 (high): Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.
CVE-2024-33069 — CVSS 7.5 (high): Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.
CVE-2024-33012 — CVSS 7.5 (high): Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
CVE-2024-33011 — CVSS 7.5 (high): Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
CVE-2024-33015 — CVSS 7.5 (high): Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor…
CVE-2021-30269 — CVSS 7.3 (high): Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute…
CVE-2022-33273 — CVSS 7.3 (high): Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.
CVE-2021-35097 — CVSS 7.3 (high): Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon…
CVE-2024-21469 — CVSS 7.3 (high): Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
CVE-2021-35101 — CVSS 7.1 (high): Improper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor in Snapdragon Auto, Snapdragon Compute…
CVE-2025-47366 — CVSS 7.1 (high): Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.
CVE-2021-1894 — CVSS 7.1 (high): Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon Compute…
CVE-2023-21626 — CVSS 7.1 (high): Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.
CVE-2022-40529 — CVSS 7.1 (high): Memory corruption due to improper access control in kernel while processing a mapping request from root process.
CVE-2022-25665 — CVSS 6.8 (medium): Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile
CVE-2024-33032 — CVSS 6.7 (medium): Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.
CVE-2024-33036 — CVSS 6.7 (medium): Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing…