Home › Vendors › Qualcomm › Snapdragon Xr2 5g Platform FirmwareQualcomm Snapdragon Xr2 5g Platform Firmware — known CVE vulnerabilities Every CVE whose affected-product data names Qualcomm Snapdragon Xr2 5g Platform Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200) CVE-2025-21483 — CVSS 9.8 (critical) : Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.CVE-2023-33028 — CVSS 9.8 (critical) : Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.CVE-2023-22388 — CVSS 9.8 (critical) : Memory Corruption in Multi-mode Call Processor while processing bit mask API.CVE-2023-33045 — CVSS 9.8 (critical) : Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.CVE-2022-33288 — CVSS 9.3 (critical) : Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection…CVE-2022-33269 — CVSS 9.3 (critical) : Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.CVE-2022-33231 — CVSS 9.3 (critical) : Memory corruption due to double free in core while initializing the encryption key.CVE-2023-33030 — CVSS 9.3 (critical) : Memory corruption in HLOS while running playready use-case.CVE-2023-33072 — CVSS 9.3 (critical) : Memory corruption in Core while processing control functions.CVE-2023-33054 — CVSS 9.1 (critical) : Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.CVE-2023-28540 — CVSS 9.1 (critical) : Cryptographic issue in Data Modem due to improper authentication during TLS handshake.CVE-2026-25277 — CVSS 8.8 (high) : Memory corruption while using Strongbox due to buffer overflow.CVE-2026-25276 — CVSS 8.8 (high) : Memory corruption while using Strongbox due to missing bounds check.CVE-2023-21673 — CVSS 8.7 (high) : Improper Access to the VM resource manager can lead to Memory Corruption.CVE-2023-33107 — CVSS 8.4 (high) — actively exploited : Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.CVE-2022-33307 — CVSS 8.4 (high) : Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.CVE-2023-33114 — CVSS 8.4 (high) : Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.CVE-2023-33033 — CVSS 8.4 (high) : Memory corruption in Audio during playback with speaker protection.CVE-2024-23373 — CVSS 8.4 (high) : Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.CVE-2023-33022 — CVSS 8.4 (high) : Memory corruption in HLOS while invoking IOCTL calls from user-space.CVE-2024-33023 — CVSS 8.4 (high) : Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.CVE-2023-33106 — CVSS 8.4 (high) — actively exploited : Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.CVE-2024-33035 — CVSS 8.4 (high) : Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.CVE-2023-33094 — CVSS 8.4 (high) : Memory corruption while running VK synchronization with KASAN enabled.CVE-2024-33044 — CVSS 8.4 (high) : Memory corruption while Configuring the SMR/S2CR register in Bypass mode.CVE-2024-33056 — CVSS 8.4 (high) : Memory corruption when allocating and accessing an entry in an SMEM partition continuously.CVE-2023-28538 — CVSS 8.4 (high) : Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.CVE-2023-28537 — CVSS 8.4 (high) : Memory corruption while allocating memory in COmxApeDec module in Audio.CVE-2022-33275 — CVSS 8.4 (high) : Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.CVE-2022-40532 — CVSS 8.4 (high) : Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.CVE-2023-24853 — CVSS 8.4 (high) : Memory Corruption in HLOS while registering for key provisioning notify.CVE-2023-24852 — CVSS 8.4 (high) : Memory Corruption in Core due to secure memory access by user while loading modem image.CVE-2023-33088 — CVSS 8.4 (high) : Memory corruption when processing cmd parameters while parsing vdev.CVE-2023-33074 — CVSS 8.4 (high) : Memory corruption in Audio when SSR event is triggered after music playback is stopped.CVE-2024-21461 — CVSS 8.4 (high) : Memory corruption while performing finish HMAC operation when context is freed by keymaster.CVE-2024-21481 — CVSS 8.4 (high) : Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.CVE-2023-21665 — CVSS 8.4 (high) : Memory corruption in Graphics while importing a file.CVE-2023-21666 — CVSS 8.4 (high) : Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.CVE-2022-40507 — CVSS 8.4 (high) : Memory corruption due to double free in Core while mapping HLOS address to the list.CVE-2024-53026 — CVSS 8.2 (high) : Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.CVE-2024-53020 — CVSS 8.2 (high) : Information disclosure may occur while decoding the RTP packet with invalid header extension from network.CVE-2024-45552 — CVSS 8.2 (high) : Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC…CVE-2024-23359 — CVSS 8.2 (high) : Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.CVE-2023-21669 — CVSS 8.2 (high) : Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address.CVE-2023-22385 — CVSS 8.2 (high) : Memory Corruption in Data Modem while making a MO call or MT VOLTE call.CVE-2024-38408 — CVSS 8.2 (high) : Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.CVE-2023-24848 — CVSS 8.2 (high) : Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.CVE-2023-24849 — CVSS 8.2 (high) : Information Disclosure in data Modem while parsing an FMTP line in an SDP message.CVE-2023-28545 — CVSS 8.2 (high) : Memory corruption in TZ Secure OS while loading an app ELF.CVE-2023-28585 — CVSS 8.2 (high) : Memory corruption while loading an ELF segment in TEE Kernel.CVE-2026-24088 — CVSS 8.2 (high) : Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.CVE-2025-21488 — CVSS 8.2 (high) : Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.CVE-2025-21487 — CVSS 8.2 (high) : Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…CVE-2022-40503 — CVSS 8.2 (high) : Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.CVE-2025-21484 — CVSS 8.2 (high) : Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.CVE-2024-53021 — CVSS 8.2 (high) : Information disclosure may occur while processing goodbye RTCP packet from network.CVE-2022-33264 — CVSS 7.9 (high) : Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.CVE-2023-28550 — CVSS 7.8 (high) : Memory corruption in MPP performance while accessing DSM watermark using external memory address.CVE-2023-28551 — CVSS 7.8 (high) : Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.CVE-2025-47348 — CVSS 7.8 (high) : Memory corruption while processing identity credential operations in the trusted application.CVE-2025-47320 — CVSS 7.8 (high) : Memory corruption while processing MFC channel configuration during music playback.CVE-2025-47379 — CVSS 7.8 (high) : Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of…CVE-2025-27070 — CVSS 7.8 (high) : Memory corruption while performing encryption and decryption commands.CVE-2023-28557 — CVSS 7.8 (high) : Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.CVE-2023-28558 — CVSS 7.8 (high) : Memory corruption in WLAN handler while processing PhyID in Tx status handler.CVE-2025-27063 — CVSS 7.8 (high) : Memory corruption during video playback when video session open fails with time out error.CVE-2025-27054 — CVSS 7.8 (high) : Memory corruption while processing a malformed license file during reboot.CVE-2025-47389 — CVSS 7.8 (high) : Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.CVE-2025-27053 — CVSS 7.8 (high) : Memory corruption during PlayReady APP usecase while processing TA commands.CVE-2023-28587 — CVSS 7.8 (high) : Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.CVE-2024-53010 — CVSS 7.8 (high) : Memory corruption may occur while attaching VM when the HLOS retains access to VM.CVE-2023-33017 — CVSS 7.8 (high) : Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.CVE-2023-33018 — CVSS 7.8 (high) : Memory corruption while using the UIM diag command to get the operators name.CVE-2024-38422 — CVSS 7.8 (high) : Memory corruption while processing voice packet with arbitrary data received from ADSP.CVE-2025-27037 — CVSS 7.8 (high) : Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers.CVE-2026-21385 — CVSS 7.8 (high) — actively exploited : Memory corruption while using alignments for memory allocation.CVE-2025-59605 — CVSS 7.8 (high) : Memory Corruption when processing device identifier strings that exceed the expected maximum length.CVE-2023-21670 — CVSS 7.8 (high) : Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.CVE-2024-23369 — CVSS 7.8 (high) : Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.CVE-2023-33031 — CVSS 7.8 (high) : Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.CVE-2024-23368 — CVSS 7.8 (high) : Memory corruption when allocating and accessing an entry in an SMEM partition.CVE-2023-33035 — CVSS 7.8 (high) : Memory corruption while invoking callback function of AFE from ADSP.CVE-2025-27032 — CVSS 7.8 (high) : memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.CVE-2023-43513 — CVSS 7.8 (high) : Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary…CVE-2025-47386 — CVSS 7.8 (high) : Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.CVE-2025-59604 — CVSS 7.8 (high) : Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.CVE-2024-38423 — CVSS 7.8 (high) : Memory corruption while processing GPU page table switch.CVE-2023-33110 — CVSS 7.8 (high) : The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset…CVE-2024-43052 — CVSS 7.8 (high) : Memory corruption while processing API calls to NPU with invalid input.CVE-2022-25713 — CVSS 7.8 (high) : Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key.CVE-2024-23356 — CVSS 7.8 (high) : Memory corruption during session sign renewal request calls in HLOS.CVE-2024-23355 — CVSS 7.8 (high) : Memory corruption when keymaster operation imports a shared key.CVE-2023-33055 — CVSS 7.8 (high) : Memory Corruption in Audio while invoking callback function in driver from ADSP.CVE-2024-43066 — CVSS 7.8 (high) : Memory corruption while handling file descriptor during listener registration/de-registration.CVE-2023-33059 — CVSS 7.8 (high) : Memory corruption in Audio while processing the VOC packet data from ADSP.CVE-2024-21465 — CVSS 7.8 (high) : Memory corruption while processing key blob passed by the user.CVE-2023-33063 — CVSS 7.8 (high) — actively exploited : Memory corruption in DSP Services during a remote call from HLOS to DSP.CVE-2023-33120 — CVSS 7.8 (high) : Memory corruption in Audio when memory map command is executed consecutively in ADSP.CVE-2024-43067 — CVSS 7.8 (high) : Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory.CVE-2025-21481 — CVSS 7.8 (high) : Memory corruption while performing private key encryption in trusted application.CVE-2025-21474 — CVSS 7.8 (high) : Memory corruption while processing commands from A2dp sink command queue.CVE-2025-21455 — CVSS 7.8 (high) : Memory corruption while submitting blob data to kernel space though IOCTL.CVE-2026-25260 — CVSS 7.8 (high) : Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.CVE-2023-33118 — CVSS 7.8 (high) : Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter…CVE-2023-33117 — CVSS 7.8 (high) : Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE…CVE-2023-33079 — CVSS 7.8 (high) : Memory corruption in Audio while running invalid audio recording from ADSP.CVE-2025-59603 — CVSS 7.8 (high) : Memory Corruption when processing invalid user address with nonstandard buffer address.CVE-2025-59600 — CVSS 7.8 (high) : Memory Corruption when adding user-supplied data without checking available buffer space.CVE-2023-28548 — CVSS 7.8 (high) : Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.CVE-2023-28549 — CVSS 7.8 (high) : Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.CVE-2023-21657 — CVSS 7.8 (high) : Memoru corruption in Audio when ADSP sends input during record use case.CVE-2023-24850 — CVSS 7.8 (high) : Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.CVE-2026-25259 — CVSS 7.8 (high) : Memory corruption while processing multiple IOCTL command for escape operations.CVE-2025-47376 — CVSS 7.8 (high) : Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.CVE-2025-47375 — CVSS 7.8 (high) : Memory corruption while handling different IOCTL calls from the user-space simultaneously.CVE-2024-38415 — CVSS 7.8 (high) : Memory corruption while handling session errors from firmware.CVE-2023-21656 — CVSS 7.8 (high) : Memory corruption in WLAN HOST while receiving an WMI event from firmware.CVE-2023-28546 — CVSS 7.8 (high) : Memory Corruption in SPS Application while exporting public key in sorter TA.CVE-2024-45549 — CVSS 7.7 (high) : Information disclosure while creating MQ channels.CVE-2023-33057 — CVSS 7.5 (high) : Transient DOS in Multi-Mode Call Processor while processing UE policy container.CVE-2022-33251 — CVSS 7.5 (high) : Transient DOS due to reachable assertion in Modem because of invalid network configuration.CVE-2022-40504 — CVSS 7.5 (high) : Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.CVE-2022-40508 — CVSS 7.5 (high) : Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported.CVE-2022-40521 — CVSS 7.5 (high) : Transient DOS due to improper authorization in ModemCVE-2022-40536 — CVSS 7.5 (high) : Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.CVE-2023-21658 — CVSS 7.5 (high) : Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.CVE-2023-21659 — CVSS 7.5 (high) : Transient DOS in WLAN Firmware while processing frames with missing header fields.CVE-2023-21661 — CVSS 7.5 (high) : Transient DOS while parsing WLAN beacon or probe-response frame.CVE-2023-24843 — CVSS 7.5 (high) : Transient DOS in Modem while triggering a camping on an 5G cell.CVE-2023-24847 — CVSS 7.5 (high) : Transient DOS in Modem while allocating DSM items.CVE-2023-28555 — CVSS 7.5 (high) : Transient DOS in Audio while remapping channel buffer in media codec decoding.CVE-2023-28588 — CVSS 7.5 (high) : Transient DOS in Bluetooth Host while rfc slot allocation.CVE-2023-33026 — CVSS 7.5 (high) : Transient DOS in WLAN Firmware while parsing a NAN management frame.CVE-2023-33027 — CVSS 7.5 (high) : Transient DOS in WLAN Firmware while parsing rsn ies.CVE-2023-33040 — CVSS 7.5 (high) : Transient DOS in Data Modem during DTLS handshake.CVE-2023-33042 — CVSS 7.5 (high) : Transient DOS in Modem after RRC Setup message is received.CVE-2023-33044 — CVSS 7.5 (high) : Transient DOS in Data modem while handling TLB control messages from the Network.CVE-2023-33047 — CVSS 7.5 (high) : Transient DOS in WLAN Firmware while parsing no-inherit IES.CVE-2023-33049 — CVSS 7.5 (high) : Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage.CVE-2022-22060 — CVSS 7.5 (high) : Assertion occurs while processing Reconfiguration message due to improper validationCVE-2023-33062 — CVSS 7.5 (high) : Transient DOS in WLAN Firmware while parsing a BTM request.CVE-2023-33080 — CVSS 7.5 (high) : Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.CVE-2023-33081 — CVSS 7.5 (high) : Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.CVE-2023-33089 — CVSS 7.5 (high) : Transient DOS when processing a NULL buffer while parsing WLAN vdev.CVE-2023-33098 — CVSS 7.5 (high) : Transient DOS while parsing WPA IES, when it is passed with length more than expected size.CVE-2023-33109 — CVSS 7.5 (high) : Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.CVE-2023-43511 — CVSS 7.5 (high) : Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next…CVE-2023-43522 — CVSS 7.5 (high) : Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.CVE-2023-43523 — CVSS 7.5 (high) : Transient DOS while processing 11AZ RTT management action frame received through OTA.CVE-2023-43533 — CVSS 7.5 (high) : Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.CVE-2023-43536 — CVSS 7.5 (high) : Transient DOS while parse fils IE with length equal to 1.CVE-2024-21479 — CVSS 7.5 (high) : Transient DOS during music playback of ALAC content.CVE-2024-23352 — CVSS 7.5 (high) : Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.CVE-2024-23353 — CVSS 7.5 (high) : Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.CVE-2024-23364 — CVSS 7.5 (high) : Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon…CVE-2024-33014 — CVSS 7.5 (high) : Transient DOS while parsing ESP IE from beacon/probe response frame.CVE-2024-33020 — CVSS 7.5 (high) : Transient DOS while processing TID-to-link mapping IE elements.CVE-2024-33024 — CVSS 7.5 (high) : Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.CVE-2024-33025 — CVSS 7.5 (high) : Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.CVE-2024-33058 — CVSS 7.5 (high) : Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP.CVE-2025-21429 — CVSS 7.5 (high) : Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.CVE-2025-21430 — CVSS 7.5 (high) : Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.CVE-2025-21448 — CVSS 7.5 (high) : Transient DOS may occur while parsing SSID in action frames.CVE-2025-21452 — CVSS 7.5 (high) : Transient DOS while processing a random-access response (RAR) with an invalid PDU length on LTE network.CVE-2025-27065 — CVSS 7.5 (high) : Transient DOS while processing a frame with malformed shared-key descriptor.CVE-2025-27066 — CVSS 7.5 (high) : Transient DOS while processing an ANQP message.CVE-2025-27073 — CVSS 7.5 (high) : Transient DOS while creating NDP instance.CVE-2025-47318 — CVSS 7.5 (high) : Transient DOS while parsing the EPTM test control message to get the test pattern.CVE-2023-43519 — CVSS 7.3 (high) : Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.CVE-2023-43518 — CVSS 7.3 (high) : Memory corruption in video while parsing invalid mp2 clip.CVE-2025-27071 — CVSS 7.3 (high) : Memory corruption while processing specific files in Powerline Communication Firmware.CVE-2022-33273 — CVSS 7.3 (high) : Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.CVE-2024-21469 — CVSS 7.3 (high) : Memory corruption when an invoke call and a TEE call are bound for the same trusted application.CVE-2026-24092 — CVSS 7.2 (high) : Memory Corruption when processing fastboot commands to set display mode.CVE-2026-24087 — CVSS 7.2 (high) : Memory corruption while processing fastboot OEM commands.CVE-2026-24085 — CVSS 7.2 (high) : Memory Corruption when processing display command line information due to improper initialization of a variable.CVE-2026-24089 — CVSS 7.2 (high) : Memory corruption while processing fastboot commands with invalid input.CVE-2026-24091 — CVSS 7.2 (high) : Memory corruption while processing fastboot commands with improperly formatted input.CVE-2022-22076 — CVSS 7.1 (high) : information disclosure due to cryptographic issue in Core during RPMB read request.CVE-2022-40523 — CVSS 7.1 (high) : Information disclosure in Kernel due to indirect branch misprediction.CVE-2024-21462 — CVSS 7.1 (high) : Transient DOS while loading the TA ELF file.CVE-2023-28556 — CVSS 7.1 (high) : Cryptographic issue in HLOS during key management.CVE-2024-43065 — CVSS 7.1 (high) : Cryptographic issues while generating an asymmetric key pair for RKP use cases.CVE-2024-23362 — CVSS 7.1 (high) : Cryptographic issue while parsing RSA keys in COBR format.CVE-2023-33036 — CVSS 7.1 (high) : Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.CVE-2023-33037 — CVSS 7.1 (high) : Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.CVE-2025-21482 — CVSS 7.1 (high) : Cryptographic issue while performing RSA PKCS padding decoding.CVE-2026-24090 — CVSS 7.1 (high) : Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow.CVE-2022-40529 — CVSS 7.1 (high) : Memory corruption due to improper access control in kernel while processing a mapping request from root process.CVE-2025-47378 — CVSS 7.1 (high) : Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.CVE-2024-33016 — CVSS 6.8 (medium) : memory corruption when an invalid firehose patch command is invoked.CVE-2022-33302 — CVSS 6.8 (medium) : Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.CVE-2022-33289 — CVSS 6.8 (medium) : Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.CVE-2023-22383 — CVSS 6.7 (medium) : Memory Corruption in camera while installing a fd for a particular DMA buffer.CVE-2023-22668 — CVSS 6.7 (medium) : Memory Corruption in Audio while invoking IOCTLs calls from the user-space.CVE-2023-33068 — CVSS 6.7 (medium) : Memory corruption in Audio while processing IIR config data from AFE calibration block.CVE-2024-33032 — CVSS 6.7 (medium) : Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.CVE-2024-33036 — CVSS 6.7 (medium) : Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing…CVE-2023-33038 — CVSS 6.7 (medium) : Memory corruption while receiving a message in Bus Socket Transport Server.CVE-2024-33053 — CVSS 6.7 (medium) : Memory corruption when multiple threads try to unregister the CVP buffer at the same time.