Qualcomm Snapdragon W5+ Gen 1 Wearable Platform Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm Snapdragon W5+ Gen 1 Wearable Platform Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2024-33035 — CVSS 8.4 (high): Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.
CVE-2023-43514 — CVSS 8.4 (high): Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.
CVE-2023-33114 — CVSS 8.4 (high): Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.
CVE-2024-33034 — CVSS 8.4 (high): Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory…
CVE-2023-33113 — CVSS 8.4 (high): Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
CVE-2024-53019 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.
CVE-2026-24088 — CVSS 8.2 (high): Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2025-21488 — CVSS 8.2 (high): Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.
CVE-2025-21487 — CVSS 8.2 (high): Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…
CVE-2025-21484 — CVSS 8.2 (high): Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
CVE-2024-38408 — CVSS 8.2 (high): Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
CVE-2024-53026 — CVSS 8.2 (high): Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
CVE-2024-45552 — CVSS 8.2 (high): Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC…
CVE-2024-53020 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
CVE-2022-33264 — CVSS 7.9 (high): Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
CVE-2025-21486 — CVSS 7.8 (high): Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
CVE-2024-43067 — CVSS 7.8 (high): Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory.
CVE-2025-47385 — CVSS 7.8 (high): Memory Corruption when accessing trusted execution environment without proper privilege check.
CVE-2025-21456 — CVSS 7.8 (high): Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.
CVE-2025-21436 — CVSS 7.8 (high): Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads.
CVE-2023-28551 — CVSS 7.8 (high): Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
CVE-2025-47377 — CVSS 7.8 (high): Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
CVE-2023-33110 — CVSS 7.8 (high): The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset…
CVE-2023-24850 — CVSS 7.8 (high): Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
CVE-2023-33117 — CVSS 7.8 (high): Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE…
CVE-2023-33118 — CVSS 7.8 (high): Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter…
CVE-2023-43513 — CVSS 7.8 (high): Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary…
CVE-2025-47379 — CVSS 7.8 (high): Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of…
CVE-2023-43511 — CVSS 7.5 (high): Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next…
CVE-2022-40504 — CVSS 7.5 (high): Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.
CVE-2022-33305 — CVSS 7.5 (high): Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.
CVE-2024-23353 — CVSS 7.5 (high): Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
CVE-2024-33012 — CVSS 7.5 (high): Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
CVE-2024-33015 — CVSS 7.5 (high): Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor…
CVE-2022-33302 — CVSS 6.8 (medium): Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
CVE-2022-33289 — CVSS 6.8 (medium): Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.
CVE-2022-33227 — CVSS 6.7 (medium): Memory corruption in Linux android due to double free while calling unregister provider after register call.
CVE-2023-28583 — CVSS 6.7 (medium): Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address.
CVE-2022-33301 — CVSS 6.7 (medium): Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from…
CVE-2024-33040 — CVSS 6.7 (medium): Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel…
CVE-2025-47334 — CVSS 6.7 (medium): Memory corruption while processing shared command buffer packet between camera userspace and kernel.
CVE-2024-33039 — CVSS 6.7 (medium): Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service.
CVE-2024-33036 — CVSS 6.7 (medium): Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing…
CVE-2024-33032 — CVSS 6.7 (medium): Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.
CVE-2024-23376 — CVSS 6.7 (medium): Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call.
CVE-2024-23374 — CVSS 6.7 (medium): Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics…