Qualcomm Sxr2230p Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm Sxr2230p Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2022-40514 — CVSS 9.8 (critical): Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.
CVE-2022-33288 — CVSS 9.3 (critical): Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection…
CVE-2023-43534 — CVSS 8.6 (high): Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.
CVE-2023-43520 — CVSS 8.6 (high): Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.
CVE-2024-33034 — CVSS 8.4 (high): Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory…
CVE-2024-33023 — CVSS 8.4 (high): Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
CVE-2026-24088 — CVSS 8.2 (high): Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2022-25738 — CVSS 8.2 (high): Information disclosure in modem due to buffer over-red while performing checksum of packet received
CVE-2024-38408 — CVSS 8.2 (high): Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
CVE-2022-25726 — CVSS 8.2 (high): Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet
CVE-2022-33287 — CVSS 8.2 (high): Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.
CVE-2022-25728 — CVSS 8.2 (high): Information disclosure in modem due to buffer over-read while processing response from DNS server
CVE-2022-25732 — CVSS 8.2 (high): Information disclosure in modem due to buffer over read in dns client due to missing length check
CVE-2024-53011 — CVSS 7.9 (high): Information disclosure may occur due to improper permission and access controls to Video Analytics engine.
CVE-2025-27061 — CVSS 7.8 (high): Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
CVE-2025-27032 — CVSS 7.8 (high): memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
CVE-2025-59605 — CVSS 7.8 (high): Memory Corruption when processing device identifier strings that exceed the expected maximum length.
CVE-2025-21486 — CVSS 7.8 (high): Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
CVE-2024-43060 — CVSS 7.8 (high): Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP.
CVE-2024-43061 — CVSS 7.8 (high): Memory corruption during voice activation, when sound model parameters are loaded from HLOS, and the received sound model list is empty in…
CVE-2024-43062 — CVSS 7.8 (high): Memory corruption caused by missing locks and checks on the DMA fence and improper synchronization.
CVE-2024-43067 — CVSS 7.8 (high): Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory.
CVE-2025-21468 — CVSS 7.8 (high): Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character…
CVE-2024-45553 — CVSS 7.8 (high): Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another…
CVE-2024-45554 — CVSS 7.8 (high): Memory corruption during concurrent SSR execution due to race condition on the global maps list.
CVE-2024-45557 — CVSS 7.8 (high): Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation.
CVE-2025-21453 — CVSS 7.8 (high): Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
CVE-2024-45571 — CVSS 7.8 (high): Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
CVE-2022-33278 — CVSS 7.8 (high): Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.
CVE-2025-59604 — CVSS 7.8 (high): Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.
CVE-2023-28587 — CVSS 7.8 (high): Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
CVE-2025-47407 — CVSS 7.8 (high): Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.
CVE-2023-33110 — CVSS 7.8 (high): The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset…
CVE-2023-33115 — CVSS 7.8 (high): Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
CVE-2023-43513 — CVSS 7.8 (high): Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary…
CVE-2025-47398 — CVSS 7.8 (high): Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.
CVE-2025-47397 — CVSS 7.8 (high): Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.
CVE-2026-21381 — CVSS 7.6 (high): Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network…
CVE-2022-25735 — CVSS 7.5 (high): Denial of service in modem due to missing null check while processing TCP or UDP packets from server
CVE-2022-25739 — CVSS 7.5 (high): Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call
CVE-2022-33304 — CVSS 7.5 (high): Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.
CVE-2022-33306 — CVSS 7.5 (high): Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs.
CVE-2022-33309 — CVSS 7.5 (high): Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.
CVE-2022-34146 — CVSS 7.5 (high): Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation.
CVE-2023-28584 — CVSS 7.5 (high): Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA).