CVE-2024-53020 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
CVE-2026-24088 — CVSS 8.2 (high): Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2025-21487 — CVSS 8.2 (high): Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…
CVE-2025-21488 — CVSS 8.2 (high): Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.
CVE-2024-53019 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.
CVE-2024-53011 — CVSS 7.9 (high): Information disclosure may occur due to improper permission and access controls to Video Analytics engine.
CVE-2025-47379 — CVSS 7.8 (high): Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of…
CVE-2024-23369 — CVSS 7.8 (high): Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
CVE-2024-45553 — CVSS 7.8 (high): Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another…
CVE-2024-45571 — CVSS 7.8 (high): Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
CVE-2025-21436 — CVSS 7.8 (high): Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads.
CVE-2025-21453 — CVSS 7.8 (high): Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
CVE-2025-21468 — CVSS 7.8 (high): Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character…
CVE-2025-21486 — CVSS 7.8 (high): Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
CVE-2025-27032 — CVSS 7.8 (high): memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
CVE-2025-27061 — CVSS 7.8 (high): Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
CVE-2025-47394 — CVSS 7.8 (high): Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.
CVE-2025-47396 — CVSS 7.8 (high): Memory corruption occurs when a secure application is launched on a device with insufficient memory.
CVE-2025-47397 — CVSS 7.8 (high): Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.
CVE-2025-47398 — CVSS 7.8 (high): Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.
CVE-2025-47407 — CVSS 7.8 (high): Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.
CVE-2025-59604 — CVSS 7.8 (high): Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.
CVE-2025-59605 — CVSS 7.8 (high): Memory Corruption when processing device identifier strings that exceed the expected maximum length.
CVE-2025-59606 — CVSS 7.8 (high): Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.
CVE-2026-21367 — CVSS 7.6 (high): Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
CVE-2026-21381 — CVSS 7.6 (high): Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network…
CVE-2024-45558 — CVSS 7.5 (high): Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE…
CVE-2025-21446 — CVSS 7.5 (high): Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
CVE-2025-27029 — CVSS 7.5 (high): Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.
CVE-2024-33050 — CVSS 7.5 (high): Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
CVE-2024-23377 — CVSS 6.7 (medium): Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system…
CVE-2025-59616 — CVSS 6.6 (medium): Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.
CVE-2025-59615 — CVSS 6.6 (medium): Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper…
CVE-2025-47402 — CVSS 6.5 (medium): Transient DOS when processing a received frame with an excessively large authentication information element.
CVE-2025-47403 — CVSS 6.5 (medium): Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
CVE-2025-47404 — CVSS 6.5 (medium): Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.
CVE-2025-59610 — CVSS 6.4 (medium): Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
CVE-2024-45551 — CVSS 6.2 (medium): Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure…
CVE-2025-59609 — CVSS 5.5 (medium): Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.
CVE-2025-47369 — CVSS 5.5 (medium): Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.
CVE-2024-38426 — CVSS 5.4 (medium): While processing the authentication message in UE, improper authentication may lead to information disclosure.
CVE-2026-21368 — CVSS 5.3 (medium): Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks.
CVE-2026-21370 — CVSS 5.3 (medium): Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values.
CVE-2026-21369 — CVSS 5.3 (medium): Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification.