Qualcomm Sd 8 Gen1 5g Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm Sd 8 Gen1 5g Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2022-25708 — CVSS 9.8 (critical): Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile
CVE-2022-25720 — CVSS 9.8 (critical): Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-30341 — CVSS 9.8 (critical): Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-22096 — CVSS 9.8 (critical): Memory corruption in Bluetooth HOST due to stack-based buffer overflow when when extracting data using command length parameter in…
CVE-2022-40514 — CVSS 9.8 (critical): Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.
CVE-2022-22088 — CVSS 9.8 (critical): Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote
CVE-2021-35104 — CVSS 9.8 (critical): Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute…
CVE-2022-25748 — CVSS 9.8 (critical): Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute…
CVE-2022-33232 — CVSS 9.3 (critical): Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.
CVE-2022-33288 — CVSS 9.3 (critical): Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection…
CVE-2021-30343 — CVSS 9.1 (critical): Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in…
CVE-2021-30347 — CVSS 9.1 (critical): Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC Command packet has been received in…
CVE-2021-30339 — CVSS 9.0 (critical): Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial…
CVE-2021-35123 — CVSS 8.8 (high): Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air in Snapdragon Connectivity, Snapdragon…
CVE-2025-47392 — CVSS 8.8 (high): Memory corruption when decoding corrupted satellite data files with invalid signature offsets.
CVE-2021-35126 — CVSS 8.4 (high): Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-35134 — CVSS 8.4 (high): Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in…
CVE-2022-22057 — CVSS 8.4 (high): Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously…
CVE-2022-22059 — CVSS 8.4 (high): Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2022-33307 — CVSS 8.4 (high): Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.
CVE-2022-33214 — CVSS 8.4 (high): Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-33277 — CVSS 8.4 (high): Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.
CVE-2022-33276 — CVSS 8.4 (high): Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.
CVE-2021-30350 — CVSS 8.4 (high): Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-35068 — CVSS 8.4 (high): Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in…
CVE-2021-35074 — CVSS 8.4 (high): Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto…
CVE-2021-35075 — CVSS 8.4 (high): Possible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity…
CVE-2021-35077 — CVSS 8.4 (high): Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon…
CVE-2024-33035 — CVSS 8.4 (high): Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.
CVE-2024-33034 — CVSS 8.4 (high): Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory…
CVE-2024-33023 — CVSS 8.4 (high): Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
CVE-2021-35091 — CVSS 8.4 (high): Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon…
CVE-2021-35095 — CVSS 8.4 (high): Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register…
CVE-2021-30318 — CVSS 8.4 (high): Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute…
CVE-2021-35105 — CVSS 8.4 (high): Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2024-23373 — CVSS 8.4 (high): Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
CVE-2024-23372 — CVSS 8.4 (high): Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.
CVE-2021-35112 — CVSS 8.4 (high): A user with user level permission can access graphics protected region due to improper access control in register configuration in…
CVE-2024-23351 — CVSS 8.4 (high): Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.
CVE-2024-21481 — CVSS 8.4 (high): Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
CVE-2022-25681 — CVSS 8.4 (high): Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation…
CVE-2022-25682 — CVSS 8.4 (high): Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon…
CVE-2023-21672 — CVSS 8.4 (high): Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.
CVE-2022-40540 — CVSS 8.4 (high): Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.
CVE-2022-40532 — CVSS 8.4 (high): Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
CVE-2022-40531 — CVSS 8.4 (high): Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.
CVE-2022-40530 — CVSS 8.4 (high): Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.
CVE-2022-25693 — CVSS 8.4 (high): Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobile
CVE-2022-25695 — CVSS 8.4 (high): Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto…
CVE-2022-25696 — CVSS 8.4 (high): Memory corruption in display due to time-of-check time-of-use race condition during map or unmap in Snapdragon Auto, Snapdragon Compute…
CVE-2022-25697 — CVSS 8.4 (high): Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile…
CVE-2022-25698 — CVSS 8.4 (high): Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile…
CVE-2021-30334 — CVSS 8.4 (high): Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute…
CVE-2022-25723 — CVSS 8.4 (high): Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile
CVE-2022-25724 — CVSS 8.4 (high): Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-22066 — CVSS 8.4 (high): Memory corruption occurs while processing command received from HLOS due to improper length check in Snapdragon Auto, Snapdragon Compute…
CVE-2023-33119 — CVSS 8.4 (high): Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
CVE-2022-22074 — CVSS 8.4 (high): Memory Corruption during wma file playback due to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2023-33113 — CVSS 8.4 (high): Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
CVE-2022-22077 — CVSS 8.4 (high): Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile
CVE-2022-22081 — CVSS 8.4 (high): Memory corruption in audio module due to integer overflow in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon…
CVE-2022-22082 — CVSS 8.4 (high): Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon…
CVE-2022-22084 — CVSS 8.4 (high): Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-22085 — CVSS 8.4 (high): Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-22089 — CVSS 8.4 (high): Memory corruption in audio while playing record due to improper list handling in two threads in Snapdragon Connectivity, Snapdragon Mobile…
CVE-2022-22090 — CVSS 8.4 (high): Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity…
CVE-2022-25656 — CVSS 8.4 (high): Possible integer overflow and memory corruption due to improper validation of buffer size sent to write to console when computing the…
CVE-2024-38408 — CVSS 8.2 (high): Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
CVE-2024-53019 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.
CVE-2021-35083 — CVSS 8.2 (high): Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon…
CVE-2022-22062 — CVSS 8.2 (high): An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute…
CVE-2025-21488 — CVSS 8.2 (high): Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.
CVE-2026-24088 — CVSS 8.2 (high): Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2022-33255 — CVSS 8.2 (high): Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device.
CVE-2022-25706 — CVSS 8.2 (high): Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute…
CVE-2022-33268 — CVSS 8.2 (high): Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute…
CVE-2025-21487 — CVSS 8.2 (high): Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…
CVE-2022-33235 — CVSS 8.2 (high): Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto…
CVE-2021-35088 — CVSS 8.2 (high): Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon…
CVE-2025-21427 — CVSS 8.2 (high): Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
CVE-2024-53026 — CVSS 8.2 (high): Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
CVE-2022-25746 — CVSS 8.1 (high): Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping.
CVE-2021-35110 — CVSS 8.1 (high): Possible buffer overflow to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon…
CVE-2021-30308 — CVSS 7.8 (high): Possible buffer overflow while printing the HARQ memory partition detail due to improper validation of buffer size in Snapdragon Auto…
CVE-2021-30311 — CVSS 7.8 (high): Possible heap overflow due to lack of index validation before allocating and writing to heap buffer in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30319 — CVSS 7.8 (high): Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto…
CVE-2021-30322 — CVSS 7.8 (high): Possible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdragon Auto…
CVE-2021-30333 — CVSS 7.8 (high): Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-35069 — CVSS 7.8 (high): Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute…
CVE-2021-35102 — CVSS 7.8 (high): Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute…
CVE-2021-35103 — CVSS 7.8 (high): Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon…
CVE-2021-35106 — CVSS 7.8 (high): Possible out of bound read due to improper length calculation of WMI message. in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-35129 — CVSS 7.8 (high): Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon…
CVE-2022-22061 — CVSS 7.8 (high): Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute…
CVE-2022-22070 — CVSS 7.8 (high): Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute…
CVE-2022-22092 — CVSS 7.8 (high): Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT…
CVE-2022-22093 — CVSS 7.8 (high): Memory corruption or temporary denial of service due to improper handling of concurrent hypervisor operations to attach or detach IRQs from…
CVE-2022-22094 — CVSS 7.8 (high): memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity…
CVE-2022-25660 — CVSS 7.8 (high): Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial…
CVE-2022-25705 — CVSS 7.8 (high): Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response
CVE-2022-25713 — CVSS 7.8 (high): Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key.
CVE-2022-33217 — CVSS 7.8 (high): Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised…
CVE-2022-33233 — CVSS 7.8 (high): Memory corruption due to configuration weakness in modem wile sending command to write protected files.
CVE-2022-33242 — CVSS 7.8 (high): Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
CVE-2022-33248 — CVSS 7.8 (high): Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.
CVE-2022-33278 — CVSS 7.8 (high): Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.
CVE-2023-33115 — CVSS 7.8 (high): Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
CVE-2023-43513 — CVSS 7.8 (high): Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary…
CVE-2023-43542 — CVSS 7.8 (high): Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
CVE-2023-43550 — CVSS 7.8 (high): Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.