Qualcomm Snapdragon 8+ Gen 2 Mobile Platform Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm Snapdragon 8+ Gen 2 Mobile Platform Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2023-43520 — CVSS 8.6 (high): Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.
CVE-2023-43534 — CVSS 8.6 (high): Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.
CVE-2023-24844 — CVSS 8.4 (high): Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.
CVE-2024-33034 — CVSS 8.4 (high): Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory…
CVE-2023-33092 — CVSS 8.4 (high): Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
CVE-2024-38408 — CVSS 8.2 (high): Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
CVE-2024-45552 — CVSS 8.2 (high): Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC…
CVE-2024-53019 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.
CVE-2024-53020 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
CVE-2024-53026 — CVSS 8.2 (high): Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
CVE-2025-21487 — CVSS 8.2 (high): Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…
CVE-2025-21488 — CVSS 8.2 (high): Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.
CVE-2026-24088 — CVSS 8.2 (high): Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2023-24850 — CVSS 7.8 (high): Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
CVE-2023-28587 — CVSS 7.8 (high): Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
CVE-2023-28550 — CVSS 7.8 (high): Memory corruption in MPP performance while accessing DSM watermark using external memory address.
CVE-2023-33117 — CVSS 7.8 (high): Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE…
CVE-2023-33118 — CVSS 7.8 (high): Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter…
CVE-2023-43513 — CVSS 7.8 (high): Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary…
CVE-2025-47379 — CVSS 7.8 (high): Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of…
CVE-2023-28551 — CVSS 7.8 (high): Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
CVE-2025-59605 — CVSS 7.8 (high): Memory Corruption when processing device identifier strings that exceed the expected maximum length.
CVE-2025-27032 — CVSS 7.8 (high): memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
CVE-2024-33012 — CVSS 7.5 (high): Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
CVE-2023-33112 — CVSS 7.5 (high): Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.
CVE-2023-43511 — CVSS 7.5 (high): Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next…
CVE-2024-23352 — CVSS 7.5 (high): Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.
CVE-2024-23353 — CVSS 7.5 (high): Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
CVE-2024-23364 — CVSS 7.5 (high): Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon…
CVE-2024-23385 — CVSS 7.5 (high): Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.
CVE-2024-33015 — CVSS 7.5 (high): Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor…
CVE-2024-33018 — CVSS 7.5 (high): Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.
CVE-2024-33024 — CVSS 7.5 (high): Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.
CVE-2024-33025 — CVSS 7.5 (high): Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
CVE-2024-33026 — CVSS 7.5 (high): Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.
CVE-2024-33063 — CVSS 7.5 (high): Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element…
CVE-2024-23377 — CVSS 6.7 (medium): Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system…
CVE-2025-59610 — CVSS 6.4 (medium): Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
CVE-2024-45551 — CVSS 6.2 (medium): Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure…