Qualcomm Snapdragon 855+/860 Mobile Platform (sm8150-ac) Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm Snapdragon 855+/860 Mobile Platform (sm8150-ac) Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2025-21484 — CVSS 8.2 (high): Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
CVE-2024-53020 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
CVE-2024-53026 — CVSS 8.2 (high): Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
CVE-2024-23359 — CVSS 8.2 (high): Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
CVE-2025-21487 — CVSS 8.2 (high): Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…
CVE-2025-27032 — CVSS 7.8 (high): memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
CVE-2024-45551 — CVSS 6.2 (medium): Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure…