CVE-2023-43551 — CVSS 9.1 (critical): Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send…
CVE-2023-43534 — CVSS 8.6 (high): Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.
CVE-2023-43520 — CVSS 8.6 (high): Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.
CVE-2022-25750 — CVSS 8.4 (high): Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile
CVE-2023-33092 — CVSS 8.4 (high): Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
CVE-2023-24844 — CVSS 8.4 (high): Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.
CVE-2024-33034 — CVSS 8.4 (high): Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory…
CVE-2024-33028 — CVSS 8.4 (high): Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
CVE-2024-33023 — CVSS 8.4 (high): Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
CVE-2024-23359 — CVSS 8.2 (high): Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
CVE-2024-33073 — CVSS 8.2 (high): Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
CVE-2024-38408 — CVSS 8.2 (high): Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
CVE-2024-45552 — CVSS 8.2 (high): Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC…
CVE-2024-53019 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.
CVE-2024-53020 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
CVE-2024-53026 — CVSS 8.2 (high): Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
CVE-2025-21427 — CVSS 8.2 (high): Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
CVE-2025-21484 — CVSS 8.2 (high): Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
CVE-2025-21487 — CVSS 8.2 (high): Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…
CVE-2025-21488 — CVSS 8.2 (high): Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.
CVE-2026-24088 — CVSS 8.2 (high): Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2024-53011 — CVSS 7.9 (high): Information disclosure may occur due to improper permission and access controls to Video Analytics engine.
CVE-2025-47379 — CVSS 7.8 (high): Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of…
CVE-2025-47377 — CVSS 7.8 (high): Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
CVE-2025-21468 — CVSS 7.8 (high): Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character…
CVE-2025-21469 — CVSS 7.8 (high): Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.
CVE-2025-21470 — CVSS 7.8 (high): Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.
CVE-2025-21475 — CVSS 7.8 (high): Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
CVE-2026-21378 — CVSS 7.8 (high): Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
CVE-2025-21486 — CVSS 7.8 (high): Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
CVE-2026-25271 — CVSS 7.8 (high): Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use.
CVE-2023-24850 — CVSS 7.8 (high): Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
CVE-2025-27031 — CVSS 7.8 (high): memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.
CVE-2025-27032 — CVSS 7.8 (high): memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
CVE-2023-28551 — CVSS 7.8 (high): Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
CVE-2025-47358 — CVSS 7.8 (high): Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.
CVE-2025-27061 — CVSS 7.8 (high): Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
CVE-2024-23369 — CVSS 7.8 (high): Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
CVE-2023-33115 — CVSS 7.8 (high): Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
CVE-2024-33054 — CVSS 7.8 (high): Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.
CVE-2026-21376 — CVSS 7.8 (high): Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
CVE-2026-21375 — CVSS 7.8 (high): Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
CVE-2025-59606 — CVSS 7.8 (high): Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.