Qualcomm Snapdragon 460 Mobile Platform Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm Snapdragon 460 Mobile Platform Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2024-33034 — CVSS 8.4 (high): Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory…
CVE-2023-33092 — CVSS 8.4 (high): Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
CVE-2023-33114 — CVSS 8.4 (high): Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.
CVE-2024-33035 — CVSS 8.4 (high): Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.
CVE-2024-45552 — CVSS 8.2 (high): Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC…
CVE-2024-53020 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
CVE-2024-53026 — CVSS 8.2 (high): Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
CVE-2025-21484 — CVSS 8.2 (high): Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
CVE-2025-21487 — CVSS 8.2 (high): Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…
CVE-2025-21488 — CVSS 8.2 (high): Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.
CVE-2026-24088 — CVSS 8.2 (high): Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2023-28551 — CVSS 7.8 (high): Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
CVE-2025-47323 — CVSS 7.8 (high): Memory corruption while routing GPR packets between user and root when handling large data packet.
CVE-2025-47379 — CVSS 7.8 (high): Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of…
CVE-2025-47377 — CVSS 7.8 (high): Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
CVE-2023-43513 — CVSS 7.8 (high): Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary…
CVE-2023-33118 — CVSS 7.8 (high): Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter…
CVE-2023-28587 — CVSS 7.8 (high): Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
CVE-2023-33117 — CVSS 7.8 (high): Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE…
CVE-2023-33110 — CVSS 7.8 (high): The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset…
CVE-2026-21378 — CVSS 7.8 (high): Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
CVE-2026-21376 — CVSS 7.8 (high): Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
CVE-2025-59606 — CVSS 7.8 (high): Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.
CVE-2025-59605 — CVSS 7.8 (high): Memory Corruption when processing device identifier strings that exceed the expected maximum length.
CVE-2025-59604 — CVSS 7.8 (high): Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.
CVE-2024-33011 — CVSS 7.5 (high): Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
CVE-2024-33012 — CVSS 7.5 (high): Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
CVE-2024-33015 — CVSS 7.5 (high): Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor…
CVE-2023-43511 — CVSS 7.5 (high): Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next…
CVE-2025-59616 — CVSS 6.6 (medium): Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.
CVE-2025-59615 — CVSS 6.6 (medium): Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper…
CVE-2025-59610 — CVSS 6.4 (medium): Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
CVE-2024-45551 — CVSS 6.2 (medium): Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure…
CVE-2023-28586 — CVSS 6.0 (medium): Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
CVE-2025-47369 — CVSS 5.5 (medium): Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.
CVE-2025-59609 — CVSS 5.5 (medium): Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.
CVE-2026-21369 — CVSS 5.3 (medium): Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification.
CVE-2026-21384 — CVSS 5.3 (medium): Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits.
CVE-2026-21370 — CVSS 5.3 (medium): Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values.
CVE-2026-21368 — CVSS 5.3 (medium): Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks.