Snapdragon 8 Gen 3 Mobile Firmware
Monthly
Transient DOS when processing a received frame with an excessively large authentication information element. [CVSS 6.5 MEDIUM]
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers. [CVSS 7.8 HIGH]
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors. [CVSS 7.8 HIGH]
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input. [CVSS 7.1 HIGH]
Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
Transient DOS while handling beacon frames with invalid IE header length.
Memory corruption during sub-system restart while processing clean-up to free up resources.
Memory corruption while processing data packets in diag received from Unix clients.
Memory corruption while processing manipulated payload in video firmware.
Memory corruption while processing video packets received from video firmware.
Transient DOS while processing received beacon frame.
Cryptographic issue occurs due to use of insecure connection method while downloading.
Transient DOS may occur while processing malformed length field in SSID IEs.
Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.
CVE-2025-21432 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.
Memory corruption while operating the mailbox in Automotive.
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Memory corruption while reading the FW response from the shared queue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Transient DOS while parsing per STA profile in ML IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption during the FRS UDS generation process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while triggering commands in the PlayReady Trusted application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while reading secure file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while processing IOCTL from user space to handle GPU AHB bus error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption during management frame processing due to mismatch in T2LM info element. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information disclosure while parsing the OCI IE with invalid length. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption while power-up or power-down sequence of the camera sensor. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption can occur in the camera when an invalid CID is used. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption in Camera due to unusually high number of nodes passed to AXI port. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption while validating number of devices in Camera kernel . Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while parsing the ML IE due to invalid frame content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption while configuring a Hypervisor based input virtual device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing frame packets. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.
Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption can occur when process-specific maps are added to the global list. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while processing frame command IOCTL calls. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while invoking IOCTL calls to unmap the DMA buffers. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
Memory corruption while processing IPA statistics, when there are no active clients registered. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Transient DOS when processing a received frame with an excessively large authentication information element. [CVSS 6.5 MEDIUM]
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers. [CVSS 7.8 HIGH]
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors. [CVSS 7.8 HIGH]
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input. [CVSS 7.1 HIGH]
Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
Transient DOS while handling beacon frames with invalid IE header length.
Memory corruption during sub-system restart while processing clean-up to free up resources.
Memory corruption while processing data packets in diag received from Unix clients.
Memory corruption while processing manipulated payload in video firmware.
Memory corruption while processing video packets received from video firmware.
Transient DOS while processing received beacon frame.
Cryptographic issue occurs due to use of insecure connection method while downloading.
Transient DOS may occur while processing malformed length field in SSID IEs.
Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.
CVE-2025-21432 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.
Memory corruption while operating the mailbox in Automotive.
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Memory corruption while reading the FW response from the shared queue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Transient DOS while parsing per STA profile in ML IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption during the FRS UDS generation process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while triggering commands in the PlayReady Trusted application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while reading secure file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while processing IOCTL from user space to handle GPU AHB bus error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption during management frame processing due to mismatch in T2LM info element. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information disclosure while parsing the OCI IE with invalid length. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption while power-up or power-down sequence of the camera sensor. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption can occur in the camera when an invalid CID is used. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption in Camera due to unusually high number of nodes passed to AXI port. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption while validating number of devices in Camera kernel . Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while parsing the ML IE due to invalid frame content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption while configuring a Hypervisor based input virtual device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing frame packets. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.
Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption can occur when process-specific maps are added to the global list. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while processing frame command IOCTL calls. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while invoking IOCTL calls to unmap the DMA buffers. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
Memory corruption while processing IPA statistics, when there are no active clients registered. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.