CVE-2025-21487 — CVSS 8.2 (high): Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…
CVE-2025-21484 — CVSS 8.2 (high): Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
CVE-2026-24088 — CVSS 8.2 (high): Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2024-53026 — CVSS 8.2 (high): Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
CVE-2024-53019 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.
CVE-2024-53020 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
CVE-2025-21488 — CVSS 8.2 (high): Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.
CVE-2024-53011 — CVSS 7.9 (high): Information disclosure may occur due to improper permission and access controls to Video Analytics engine.
CVE-2025-47389 — CVSS 7.8 (high): Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.
CVE-2024-45553 — CVSS 7.8 (high): Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another…
CVE-2024-45571 — CVSS 7.8 (high): Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
CVE-2025-21436 — CVSS 7.8 (high): Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads.
CVE-2025-21453 — CVSS 7.8 (high): Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
CVE-2025-21468 — CVSS 7.8 (high): Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character…
CVE-2025-21476 — CVSS 7.8 (high): Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.
CVE-2025-21486 — CVSS 7.8 (high): Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
CVE-2025-27032 — CVSS 7.8 (high): memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
CVE-2025-27061 — CVSS 7.8 (high): Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
CVE-2025-47394 — CVSS 7.8 (high): Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.
CVE-2025-47396 — CVSS 7.8 (high): Memory corruption occurs when a secure application is launched on a device with insufficient memory.
CVE-2025-47397 — CVSS 7.8 (high): Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.
CVE-2025-47398 — CVSS 7.8 (high): Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.
CVE-2025-47407 — CVSS 7.8 (high): Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.
CVE-2025-59604 — CVSS 7.8 (high): Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.
CVE-2025-59606 — CVSS 7.8 (high): Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.
CVE-2026-21381 — CVSS 7.6 (high): Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network…
CVE-2026-21367 — CVSS 7.6 (high): Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
CVE-2024-33063 — CVSS 7.5 (high): Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element…
CVE-2024-45558 — CVSS 7.5 (high): Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE…
CVE-2025-21446 — CVSS 7.5 (high): Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
CVE-2026-21383 — CVSS 7.1 (high): Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to…
CVE-2025-47366 — CVSS 7.1 (high): Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.
CVE-2025-47378 — CVSS 7.1 (high): Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.
CVE-2025-21422 — CVSS 7.1 (high): Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.
CVE-2025-59615 — CVSS 6.6 (medium): Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper…
CVE-2025-59616 — CVSS 6.6 (medium): Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.
CVE-2025-47374 — CVSS 6.5 (medium): Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling.
CVE-2025-47403 — CVSS 6.5 (medium): Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
CVE-2025-47402 — CVSS 6.5 (medium): Transient DOS when processing a received frame with an excessively large authentication information element.
CVE-2025-47404 — CVSS 6.5 (medium): Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.
CVE-2025-59610 — CVSS 6.4 (medium): Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
CVE-2024-45551 — CVSS 6.2 (medium): Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure…
CVE-2025-47369 — CVSS 5.5 (medium): Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.
CVE-2024-38426 — CVSS 5.4 (medium): While processing the authentication message in UE, improper authentication may lead to information disclosure.
CVE-2026-21369 — CVSS 5.3 (medium): Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification.
CVE-2026-21384 — CVSS 5.3 (medium): Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits.
CVE-2026-21370 — CVSS 5.3 (medium): Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values.
CVE-2026-21368 — CVSS 5.3 (medium): Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks.