CVE-2023-43551 — CVSS 9.1 (critical): Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send…
CVE-2023-43520 — CVSS 8.6 (high): Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.
CVE-2023-43534 — CVSS 8.6 (high): Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.
CVE-2023-43514 — CVSS 8.4 (high): Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.
CVE-2024-21474 — CVSS 8.4 (high): Memory corruption when size of buffer from previous call is used without validation or re-initialization.
CVE-2022-25750 — CVSS 8.4 (high): Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile
CVE-2024-33034 — CVSS 8.4 (high): Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory…
CVE-2024-33028 — CVSS 8.4 (high): Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
CVE-2024-33023 — CVSS 8.4 (high): Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
CVE-2023-33113 — CVSS 8.4 (high): Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
CVE-2023-24844 — CVSS 8.4 (high): Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.
CVE-2023-33119 — CVSS 8.4 (high): Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
CVE-2023-33092 — CVSS 8.4 (high): Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
CVE-2024-53019 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.
CVE-2025-21484 — CVSS 8.2 (high): Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
CVE-2025-21487 — CVSS 8.2 (high): Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…
CVE-2026-24088 — CVSS 8.2 (high): Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2024-45552 — CVSS 8.2 (high): Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC…
CVE-2023-24848 — CVSS 8.2 (high): Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
CVE-2025-21488 — CVSS 8.2 (high): Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.
CVE-2024-38408 — CVSS 8.2 (high): Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
CVE-2024-53011 — CVSS 7.9 (high): Information disclosure may occur due to improper permission and access controls to Video Analytics engine.
CVE-2025-47394 — CVSS 7.8 (high): Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.
CVE-2023-24850 — CVSS 7.8 (high): Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
CVE-2023-28550 — CVSS 7.8 (high): Memory corruption in MPP performance while accessing DSM watermark using external memory address.
CVE-2023-28551 — CVSS 7.8 (high): Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
CVE-2023-28587 — CVSS 7.8 (high): Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
CVE-2023-33115 — CVSS 7.8 (high): Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
CVE-2023-33117 — CVSS 7.8 (high): Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE…
CVE-2023-43513 — CVSS 7.8 (high): Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary…
CVE-2023-43542 — CVSS 7.8 (high): Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
CVE-2023-43550 — CVSS 7.8 (high): Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.
CVE-2024-38410 — CVSS 7.8 (high): Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.
CVE-2024-45542 — CVSS 7.8 (high): Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
CVE-2024-45546 — CVSS 7.8 (high): Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.
CVE-2024-45547 — CVSS 7.8 (high): Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality.
CVE-2024-45548 — CVSS 7.8 (high): Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call.
CVE-2024-45550 — CVSS 7.8 (high): Memory corruption occurs when invoking any IOCTL-calling application that executes all MCDM driver IOCTL calls.
CVE-2024-45553 — CVSS 7.8 (high): Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another…
CVE-2024-45557 — CVSS 7.8 (high): Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation.
CVE-2024-45560 — CVSS 7.8 (high): Memory corruption while taking a snapshot with hardware encoder due to unvalidated userspace buffer.
CVE-2024-45571 — CVSS 7.8 (high): Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
CVE-2024-45573 — CVSS 7.8 (high): Memory corruption may occour while generating test pattern due to negative indexing of display ID.
CVE-2024-49836 — CVSS 7.8 (high): Memory corruption may occur during the synchronization of the camera`s frame processing pipeline.
CVE-2024-49840 — CVSS 7.8 (high): Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.
CVE-2024-49841 — CVSS 7.8 (high): Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
CVE-2024-49842 — CVSS 7.8 (high): Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.
CVE-2024-53033 — CVSS 7.8 (high): Memory corruption while doing Escape call when user provides valid kernel address in the place of valid user buffer address.
CVE-2024-53034 — CVSS 7.8 (high): Memory corruption occurs during an Escape call if an invalid Kernel Mode CPU event and sync object handle are passed with the…
CVE-2025-21436 — CVSS 7.8 (high): Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads.
CVE-2025-21453 — CVSS 7.8 (high): Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.