Qualcomm Snapdragon 888+ 5g Mobile Platform (sm8350-ac) Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm Snapdragon 888+ 5g Mobile Platform (sm8350-ac) Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2024-21481 — CVSS 8.4 (high): Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
CVE-2024-53020 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
CVE-2025-21487 — CVSS 8.2 (high): Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…
CVE-2024-53026 — CVSS 8.2 (high): Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
CVE-2024-23359 — CVSS 8.2 (high): Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
CVE-2025-27032 — CVSS 7.8 (high): memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
CVE-2024-23364 — CVSS 7.5 (high): Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon…
CVE-2024-33012 — CVSS 7.5 (high): Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
CVE-2024-23352 — CVSS 7.5 (high): Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.
CVE-2024-45551 — CVSS 6.2 (medium): Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure…
CVE-2025-47369 — CVSS 5.5 (medium): Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.