CVE-2023-43551 — CVSS 9.1 (critical): Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send…
CVE-2024-33034 — CVSS 8.4 (high): Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory…
CVE-2024-33028 — CVSS 8.4 (high): Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
CVE-2024-33023 — CVSS 8.4 (high): Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
CVE-2024-23372 — CVSS 8.4 (high): Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.
CVE-2022-25750 — CVSS 8.4 (high): Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile
CVE-2023-24844 — CVSS 8.4 (high): Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.
CVE-2025-27061 — CVSS 7.8 (high): Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
CVE-2023-43513 — CVSS 7.8 (high): Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary…
CVE-2023-28587 — CVSS 7.8 (high): Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
CVE-2025-21468 — CVSS 7.8 (high): Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character…
CVE-2025-21453 — CVSS 7.8 (high): Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
CVE-2023-24850 — CVSS 7.8 (high): Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
CVE-2023-28551 — CVSS 7.8 (high): Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
CVE-2023-33117 — CVSS 7.8 (high): Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE…
CVE-2024-33054 — CVSS 7.8 (high): Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.
CVE-2023-33118 — CVSS 7.8 (high): Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter…
CVE-2023-43542 — CVSS 7.8 (high): Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
CVE-2023-33031 — CVSS 7.8 (high): Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.
CVE-2025-47323 — CVSS 7.8 (high): Memory corruption while routing GPR packets between user and root when handling large data packet.
CVE-2025-27032 — CVSS 7.8 (high): memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
CVE-2023-33105 — CVSS 7.5 (high): Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence…
CVE-2023-33095 — CVSS 7.5 (high): Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.
CVE-2023-43511 — CVSS 7.5 (high): Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next…
CVE-2023-33086 — CVSS 7.5 (high): Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.
CVE-2023-43539 — CVSS 7.5 (high): Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.
CVE-2024-23352 — CVSS 7.5 (high): Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.
CVE-2024-23353 — CVSS 7.5 (high): Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
CVE-2024-23363 — CVSS 7.5 (high): Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
CVE-2024-23364 — CVSS 7.5 (high): Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon…
CVE-2024-33011 — CVSS 7.5 (high): Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
CVE-2024-33012 — CVSS 7.5 (high): Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
CVE-2024-33013 — CVSS 7.5 (high): Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
CVE-2024-33015 — CVSS 7.5 (high): Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor…
CVE-2024-33024 — CVSS 7.5 (high): Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.
CVE-2024-33025 — CVSS 7.5 (high): Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
CVE-2024-33026 — CVSS 7.5 (high): Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.
CVE-2024-33048 — CVSS 7.5 (high): Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
CVE-2024-33050 — CVSS 7.5 (high): Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
CVE-2024-33057 — CVSS 7.5 (high): Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the…
CVE-2024-33063 — CVSS 7.5 (high): Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element…
CVE-2025-21446 — CVSS 7.5 (high): Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
CVE-2025-47334 — CVSS 6.7 (medium): Memory corruption while processing shared command buffer packet between camera userspace and kernel.
CVE-2024-23377 — CVSS 6.7 (medium): Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system…