Qualcomm Snapdragon 439 Mobile Platform Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm Snapdragon 439 Mobile Platform Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2024-23373 — CVSS 8.4 (high): Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
CVE-2024-53020 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
CVE-2025-21487 — CVSS 8.2 (high): Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…
CVE-2024-53026 — CVSS 8.2 (high): Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
CVE-2024-23359 — CVSS 8.2 (high): Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
CVE-2023-28550 — CVSS 7.8 (high): Memory corruption in MPP performance while accessing DSM watermark using external memory address.
CVE-2023-28551 — CVSS 7.8 (high): Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
CVE-2023-33110 — CVSS 7.8 (high): The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset…
CVE-2023-43513 — CVSS 7.8 (high): Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary…
CVE-2024-23353 — CVSS 7.5 (high): Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
CVE-2024-23385 — CVSS 7.5 (high): Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.
CVE-2024-23358 — CVSS 7.5 (high): Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.
CVE-2025-21428 — CVSS 7.5 (high): Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.