CVE-2022-33288 — CVSS 9.3 (critical): Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection…
CVE-2021-35090 — CVSS 9.3 (critical): Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute…
CVE-2021-35122 — CVSS 9.3 (critical): Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdragon…
CVE-2023-21651 — CVSS 9.3 (critical): Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
CVE-2022-33219 — CVSS 9.3 (critical): Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer.
CVE-2022-33232 — CVSS 9.3 (critical): Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.
CVE-2025-47372 — CVSS 9.0 (critical): Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.
CVE-2023-43520 — CVSS 8.6 (high): Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.
CVE-2023-43534 — CVSS 8.6 (high): Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.
CVE-2022-25681 — CVSS 8.4 (high): Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation…
CVE-2022-33210 — CVSS 8.4 (high): Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very large…
CVE-2021-35114 — CVSS 8.4 (high): Improper buffer initialization on the backend driver can lead to buffer overflow in Snapdragon Auto
CVE-2022-33282 — CVSS 8.4 (high): Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video playback.
CVE-2022-33307 — CVSS 8.4 (high): Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.
CVE-2024-45555 — CVSS 8.4 (high): Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized…
CVE-2024-33035 — CVSS 8.4 (high): Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.
CVE-2024-33034 — CVSS 8.4 (high): Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory…
CVE-2024-33028 — CVSS 8.4 (high): Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
CVE-2024-33023 — CVSS 8.4 (high): Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
CVE-2021-35115 — CVSS 8.4 (high): Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile
CVE-2021-35132 — CVSS 8.4 (high): Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2024-45552 — CVSS 8.2 (high): Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC…
CVE-2024-38408 — CVSS 8.2 (high): Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
CVE-2024-33073 — CVSS 8.2 (high): Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
CVE-2026-24088 — CVSS 8.2 (high): Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2025-21427 — CVSS 8.2 (high): Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
CVE-2024-53026 — CVSS 8.2 (high): Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
CVE-2025-21484 — CVSS 8.2 (high): Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
CVE-2025-21487 — CVSS 8.2 (high): Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…
CVE-2022-25746 — CVSS 8.1 (high): Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping.
CVE-2025-47357 — CVSS 8.0 (high): Information Disclosure when a user-level driver performs QFPROM read or write operations on Fuse regions.
CVE-2025-21456 — CVSS 7.8 (high): Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.
CVE-2021-1950 — CVSS 7.8 (high): Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon…
CVE-2021-35094 — CVSS 7.8 (high): Improper verification of timeout-based authentication in identity credential can lead to invalid authorization in HLOS in Snapdragon Auto…
CVE-2022-22103 — CVSS 7.8 (high): Memory corruption in multimedia driver due to double free while processing data from user in Snapdragon Auto
CVE-2022-25660 — CVSS 7.8 (high): Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial…
CVE-2022-25713 — CVSS 7.8 (high): Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key.
CVE-2022-33242 — CVSS 7.8 (high): Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
CVE-2022-33278 — CVSS 7.8 (high): Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.
CVE-2023-33115 — CVSS 7.8 (high): Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
CVE-2023-43513 — CVSS 7.8 (high): Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary…
CVE-2023-43542 — CVSS 7.8 (high): Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
CVE-2023-43550 — CVSS 7.8 (high): Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.
CVE-2024-43060 — CVSS 7.8 (high): Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP.
CVE-2024-43061 — CVSS 7.8 (high): Memory corruption during voice activation, when sound model parameters are loaded from HLOS, and the received sound model list is empty in…
CVE-2024-43067 — CVSS 7.8 (high): Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory.
CVE-2024-45553 — CVSS 7.8 (high): Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another…
CVE-2024-45564 — CVSS 7.8 (high): Memory corruption during concurrent access to server info object due to incorrect reference count update.
CVE-2024-45584 — CVSS 7.8 (high): Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.
CVE-2025-21445 — CVSS 7.8 (high): Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host.
CVE-2025-21453 — CVSS 7.8 (high): Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
CVE-2025-21460 — CVSS 7.8 (high): Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.
CVE-2025-21468 — CVSS 7.8 (high): Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character…
CVE-2025-27032 — CVSS 7.8 (high): memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
CVE-2025-27061 — CVSS 7.8 (high): Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.