Skip to main content

Snapdragon Auto 4g Modem Firmware

89 CVEs product

Monthly

CVE-2025-47383 HIGH This Week

5G Fixed Wireless Access Platform Firmware versions up to - contains a vulnerability that allows attackers to cryptographic issue when a VoWiFi call is triggered from UE (CVSS 7.2).

Information Disclosure Snapdragon 820am Firmware Video Collaboration Vc3 Platform Firmware Sw5100p Firmware Sm6250 Firmware +190
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-47379 HIGH PATCH This Week

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources. [CVSS 7.8 HIGH]

Memory Corruption Qualcomm 215 Mobile Platform Firmware Qcm2290 Firmware Qca9377 Firmware Qca6574 Firmware +166
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47333 MEDIUM PATCH This Month

Memory corruption while handling buffer mapping operations in the cryptographic driver. [CVSS 6.6 MEDIUM]

Memory Corruption Snapdragon 778g 5g Mobile Platform Firmware Sa6150p Firmware Qam8650p Firmware Qfw7114 Firmware +217
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-47330 MEDIUM PATCH This Month

Transient DOS while parsing video packets received from the video firmware. [CVSS 5.5 MEDIUM]

Denial Of Service Fastconnect 6700 Firmware Qca6574a Firmware Qca9377 Firmware Snapdragon X72 5g Modem Rf System Firmware +202
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47370 MEDIUM This Month

Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ar8035 Firmware Csrb31024 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +131
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-47318 HIGH This Week

Transient DOS while parsing the EPTM test control message to get the test pattern. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apq8017 Firmware Apq8064au Firmware Aqt1000 Firmware Ar8031 Firmware +198
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-21482 HIGH This Month

Cryptographic issue while performing RSA PKCS padding decoding. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +283
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-21481 HIGH This Month

Memory corruption while performing private key encryption in trusted application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +245
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27066 HIGH This Month

Transient DOS while processing an ANQP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +366
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-21465 MEDIUM This Month

Information disclosure while processing the hash segment in an MBN file. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware Ipq5300 Firmware Qca9984 Firmware +344
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-21464 MEDIUM This Month

Information disclosure while reading data from an image using specified offset and size parameters. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware Ipq5300 Firmware Qca9984 Firmware +337
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-27042 HIGH PATCH This Week

Memory corruption while processing video packets received from video firmware.

Buffer Overflow Sg4150p Firmware Sd888 Firmware Qcm5430 Firmware Qca6420 Firmware +330
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21454 HIGH This Week

Transient DOS while processing received beacon frame.

Buffer Overflow Snapdragon 4 Gen 1 Mobile Firmware Sd855 Firmware Vision Intelligence 400 Firmware Sa8650p Firmware +177
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-21453 HIGH PATCH This Week

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow 315 5g Iot Modem Firmware Apq8017 Firmware +257
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21448 HIGH This Week

Transient DOS may occur while parsing SSID in action frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qcn9070 Firmware Qcn9072 Firmware Qcn9074 Firmware Qcn9100 Firmware +263
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-21430 HIGH This Week

Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Apq8017 Firmware Apq8064au Firmware Aqt1000 Firmware +219
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-21429 HIGH This Week

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Sa9000p Firmware Sd626 Firmware Sd660 Firmware Sd670 Firmware +178
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-43066 HIGH This Week

Memory corruption while handling file descriptor during listener registration/de-registration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Csrb31024 Firmware Fastconnect 6200 Firmware +96
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38418 HIGH PATCH This Month

Memory corruption while parsing the memory map info in IOCTL calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow C V2x 9150 Firmware Csrb31024 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +57
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33067 MEDIUM PATCH This Month

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware C V2x 9150 Firmware Csrb31024 Firmware +73
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-33056 HIGH This Week

Memory corruption when allocating and accessing an entry in an SMEM partition continuously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +319
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33044 HIGH This Week

Memory corruption while Configuring the SMR/S2CR register in Bypass mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware Csrb31024 Firmware +204
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38423 HIGH PATCH This Week

Memory corruption while processing GPU page table switch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Wsa8835 Firmware Wsa8830 Firmware Wsa8815 Firmware Wsa8810 Firmware +199
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38422 HIGH PATCH This Week

Memory corruption while processing voice packet with arbitrary data received from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +259
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38408 CRITICAL PATCH Act Now

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +225
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-33016 MEDIUM This Month

memory corruption when an invalid firehose patch command is invoked. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qcn9000 Firmware Qcn9011 Firmware Qcn9012 Firmware Qcn9013 Firmware +327
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-23359 HIGH This Week

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qcn9024 Firmware Qcs4490 Firmware Qcs5430 Firmware +156
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-33014 HIGH PATCH This Week

Transient DOS while parsing ESP IE from beacon/probe response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow 315 5g Iot Modem Firmware Apq8064au Firmware Aqt1000 Firmware Ar8031 Firmware +315
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23356 HIGH This Week

Memory corruption during session sign renewal request calls in HLOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +204
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23353 HIGH This Week

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +243
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-21459 HIGH This Week

Information disclosure while handling beacon or probe response frame in STA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Snapdragon W5 Gen 1 Wearable Platform Firmware Snapdragon 870 5G Mobile Platform Sm8250 Ac Firmware Snapdragon 865 5G Mobile Platform Sm8250 Ab Firmware +172
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23368 HIGH PATCH This Week

Memory corruption when allocating and accessing an entry in an SMEM partition. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware +337
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21462 MEDIUM This Month

Transient DOS while loading the TA ELF file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware +305
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-21461 HIGH This Week

Memory corruption while performing finish HMAC operation when context is freed by keymaster. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Apq8017 Firmware Apq8037 Firmware +307
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21475 HIGH PATCH This Week

Memory corruption when the payload received from firmware is not as per the expected protocol size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware +226
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21468 HIGH PATCH This Week

Memory corruption when there is failed unmap operation in GPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption 315 5g Iot Modem Firmware 9206 Lte Modem Firmware +223
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21453 HIGH This Week

Transient DOS while decoding message of size that exceeds the available system memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C V2x 9150 Firmware Qcs410 Firmware Qcs610 Firmware Video Collaboration Vc1 Platform Firmware +9
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-21452 HIGH This Week

Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C V2x 9150 Firmware Qca6584au Firmware Qca6698aq Firmware Snapdragon Auto 5g Modem Rf Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-43511 HIGH This Week

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 315 5g Iot Modem Firmware 9206 Lte Modem Firmware Apq8017 Firmware Apq8064au Firmware +346
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33120 HIGH This Week

Memory corruption in Audio when memory map command is executed consecutively in ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sg8275p Firmware Qcn9074 Firmware Sm7250p Firmware Qcm8550 Firmware Qcs8250 Firmware +225
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33110 HIGH This Week

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Snapdragon 425 Mobile Platform Firmware Snapdragon 427 Mobile Platform Firmware Snapdragon 429 Mobile Platform Firmware +115
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33109 HIGH This Week

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware +301
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-33062 HIGH This Week

Transient DOS in WLAN Firmware while parsing a BTM request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +280
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-33040 HIGH This Week

Transient DOS in Data Modem during DTLS handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware Csra6620 Firmware +135
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-33038 MEDIUM This Month

Memory corruption while receiving a message in Bus Socket Transport Server. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware +136
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-33033 HIGH This Week

Memory corruption in Audio during playback with speaker protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware +256
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2023-33032 CRITICAL Act Now

Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware +114
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2023-33030 CRITICAL Act Now

Memory corruption in HLOS while running playready use-case. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +289
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2023-33107 HIGH KEV PATCH THREAT This Week

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware Apq8017 Firmware Apq8064au Firmware +233
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-33098 HIGH This Week

Transient DOS while parsing WPA IES, when it is passed with length more than expected size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +253
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33089 HIGH This Week

Transient DOS when processing a NULL buffer while parsing WLAN vdev. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware +220
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33088 HIGH This Week

Memory corruption when processing cmd parameters while parsing vdev. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware Aqt1000 Firmware +298
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33080 HIGH This Week

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9206 Lte Modem Firmware Apq8017 Firmware Apq8064au Firmware +361
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33070 MEDIUM PATCH This Month

Transient DOS in Automotive OS due to improper authentication to the secure IO calls. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware C V2x 9150 Firmware +98
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-33063 HIGH KEV PATCH THREAT This Week

Memory corruption in DSP Services during a remote call from HLOS to DSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption 315 5g Iot Modem Firmware Apq8017 Firmware +278
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-33018 HIGH This Week

Memory corruption while using the UIM diag command to get the operators name. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +258
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33017 HIGH This Week

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +272
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28587 HIGH This Week

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +180
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28586 MEDIUM This Month

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware +304
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-28585 HIGH This Week

Memory corruption while loading an ELF segment in TEE Kernel. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware +271
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-28551 HIGH This Week

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +238
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28550 HIGH This Week

Memory corruption in MPP performance while accessing DSM watermark using external memory address. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +325
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28546 HIGH This Week

Memory Corruption in SPS Application while exporting public key in sorter TA. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Apq8017 Firmware Apq8037 Firmware +270
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33059 HIGH PATCH This Week

Memory corruption in Audio while processing the VOC packet data from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware 9206 Lte Modem Firmware Apq8017 Firmware +255
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28572 HIGH PATCH This Week

Memory corruption in WLAN HOST while processing the WLAN scan descriptor list. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Csrb31024 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +50
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-28569 MEDIUM This Month

Information disclosure in WLAN HAL while handling command through WMI interfaces. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Aqt1000 Firmware Ar9380 Firmware Csr8811 Firmware +204
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28566 MEDIUM This Month

Information disclosure in WLAN HAL while handling the WMI state info command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Aqt1000 Firmware Csrb31024 Firmware Fastconnect 6200 Firmware +121
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28563 MEDIUM This Month

Information disclosure in IOE Firmware while handling WMI command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +226
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28556 HIGH This Week

Cryptographic issue in HLOS during key management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware +216
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28553 MEDIUM PATCH This Month

Information Disclosure in WLAN Host when processing WMI event command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware +139
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-24852 HIGH This Week

Memory Corruption in Core due to secure memory access by user while loading modem image. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Authentication Bypass 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware +262
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22388 CRITICAL Act Now

Memory Corruption in Multi-mode Call Processor while processing bit mask API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware +220
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-33027 HIGH This Week

Transient DOS in WLAN Firmware while parsing rsn ies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware +323
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-28571 MEDIUM PATCH This Month

Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Apq8064au Firmware Csrb31024 Firmware Qca6390 Firmware +82
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28539 HIGH PATCH This Week

Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware Csrb31024 Firmware +153
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-24849 HIGH This Week

Information Disclosure in data Modem while parsing an FMTP line in an SDP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 315 5g Iot Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +233
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-24848 HIGH This Week

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 315 5g Iot Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +239
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-24847 HIGH This Week

Transient DOS in Modem while allocating DSM items. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware +252
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-22385 CRITICAL Act Now

Memory Corruption in Data Modem while making a MO call or MT VOLTE call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +235
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-28560 HIGH This Week

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apq8076 Firmware Apq8084 Firmware Apq8092 Firmware Apq8094 Firmware +263
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28558 HIGH This Week

Memory corruption in WLAN handler while processing PhyID in Tx status handler. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +191
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28557 HIGH This Week

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +269
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28549 HIGH This Week

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware Ar9380 Firmware +216
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28548 HIGH PATCH This Week

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware +175
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28537 HIGH This Week

Memory corruption while allocating memory in COmxApeDec module in Audio. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware Apq8017 Firmware Aqt1000 Firmware +180
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21656 HIGH PATCH This Week

Memory corruption in WLAN HOST while receiving an WMI event from firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware Csrb31024 Firmware +124
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21628 HIGH This Week

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware +279
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21666 HIGH PATCH This Week

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Buffer Overflow Wcn3998 Firmware Qca6390 Firmware Wcn685X 5 Firmware Wcn685X 1 Firmware +161
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21665 HIGH PATCH This Week

Memory corruption in Graphics while importing a file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow 315 5g Iot Modem Firmware 9206 Lte Modem Firmware Apq8017 Firmware Apq8052 Firmware +216
NVD
CVSS 3.1
7.8
EPSS
0.2%
EPSS 0% CVSS 7.2
HIGH This Week

5G Fixed Wireless Access Platform Firmware versions up to - contains a vulnerability that allows attackers to cryptographic issue when a VoWiFi call is triggered from UE (CVSS 7.2).

Information Disclosure Snapdragon 820am Firmware Video Collaboration Vc3 Platform Firmware +192
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources. [CVSS 7.8 HIGH]

Memory Corruption Qualcomm 215 Mobile Platform Firmware Qcm2290 Firmware +168
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Memory corruption while handling buffer mapping operations in the cryptographic driver. [CVSS 6.6 MEDIUM]

Memory Corruption Snapdragon 778g 5g Mobile Platform Firmware Sa6150p Firmware +219
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Transient DOS while parsing video packets received from the video firmware. [CVSS 5.5 MEDIUM]

Denial Of Service Fastconnect 6700 Firmware Qca6574a Firmware +204
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ar8035 Firmware Csrb31024 Firmware +133
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while parsing the EPTM test control message to get the test pattern. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apq8017 Firmware Apq8064au Firmware +200
NVD
EPSS 0% CVSS 7.1
HIGH This Month

Cryptographic issue while performing RSA PKCS padding decoding. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +285
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Memory corruption while performing private key encryption in trusted application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +247
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Transient DOS while processing an ANQP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Aqt1000 Firmware +368
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Information disclosure while processing the hash segment in an MBN file. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware +346
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Information disclosure while reading data from an image using specified offset and size parameters. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware +339
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while processing video packets received from video firmware.

Buffer Overflow Sg4150p Firmware Sd888 Firmware +332
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while processing received beacon frame.

Buffer Overflow Snapdragon 4 Gen 1 Mobile Firmware Sd855 Firmware +179
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow +259
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS may occur while parsing SSID in action frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qcn9070 Firmware Qcn9072 Firmware +265
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Apq8017 Firmware +221
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Sa9000p Firmware Sd626 Firmware +180
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while handling file descriptor during listener registration/de-registration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow +98
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

Memory corruption while parsing the memory map info in IOCTL calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow C V2x 9150 Firmware Csrb31024 Firmware +59
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware +75
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption when allocating and accessing an entry in an SMEM partition continuously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +321
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while Configuring the SMR/S2CR register in Bypass mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +206
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while processing GPU page table switch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Wsa8835 Firmware Wsa8830 Firmware +201
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while processing voice packet with arbitrary data received from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware +261
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wsa8845h Firmware Wsa8845 Firmware +227
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

memory corruption when an invalid firehose patch command is invoked. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qcn9000 Firmware Qcn9011 Firmware +329
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qcn9024 Firmware +158
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Transient DOS while parsing ESP IE from beacon/probe response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow 315 5g Iot Modem Firmware Apq8064au Firmware +317
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption during session sign renewal request calls in HLOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware +206
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware +245
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Information disclosure while handling beacon or probe response frame in STA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Snapdragon W5 Gen 1 Wearable Platform Firmware +174
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when allocating and accessing an entry in an SMEM partition. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware +339
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Transient DOS while loading the TA ELF file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +307
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while performing finish HMAC operation when context is freed by keymaster. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +309
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when the payload received from firmware is not as per the expected protocol size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption 315 5g Iot Modem Firmware +228
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when there is failed unmap operation in GPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +225
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while decoding message of size that exceeds the available system memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C V2x 9150 Firmware Qcs410 Firmware +11
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C V2x 9150 Firmware Qca6584au Firmware +4
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 315 5g Iot Modem Firmware 9206 Lte Modem Firmware +348
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in Audio when memory map command is executed consecutively in ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sg8275p Firmware Qcn9074 Firmware Sm7250p Firmware +227
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Snapdragon 425 Mobile Platform Firmware +117
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware +303
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in WLAN Firmware while parsing a BTM request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +282
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in Data Modem during DTLS handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +137
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Memory corruption while receiving a message in Bus Socket Transport Server. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware +138
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Memory corruption in Audio during playback with speaker protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow 315 5g Iot Modem Firmware +258
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow 9205 Lte Modem Firmware +116
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Memory corruption in HLOS while running playready use-case. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +291
NVD
EPSS 1% CVSS 7.8
HIGH KEV PATCH THREAT This Week

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware +235
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while parsing WPA IES, when it is passed with length more than expected size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +255
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS when processing a NULL buffer while parsing WLAN vdev. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware +222
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption when processing cmd parameters while parsing vdev. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Null Pointer Dereference +300
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9206 Lte Modem Firmware +363
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Transient DOS in Automotive OS due to improper authentication to the secure IO calls. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Aqt1000 Firmware Ar8031 Firmware +100
NVD
EPSS 1% CVSS 7.8
HIGH KEV PATCH THREAT This Week

Memory corruption in DSP Services during a remote call from HLOS to DSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +280
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while using the UIM diag command to get the operators name. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +260
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +274
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +182
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 315 5g Iot Modem Firmware +306
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Memory corruption while loading an ELF segment in TEE Kernel. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +273
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +240
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in MPP performance while accessing DSM watermark using external memory address. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +327
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory Corruption in SPS Application while exporting public key in sorter TA. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +272
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in Audio while processing the VOC packet data from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware +257
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption in WLAN HOST while processing the WLAN scan descriptor list. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Csrb31024 Firmware Fastconnect 6800 Firmware +52
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Information disclosure in WLAN HAL while handling command through WMI interfaces. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Aqt1000 Firmware +206
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Information disclosure in WLAN HAL while handling the WMI state info command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Aqt1000 Firmware +123
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Information disclosure in IOE Firmware while handling WMI command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Aqt1000 Firmware +228
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Cryptographic issue in HLOS during key management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +218
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Information Disclosure in WLAN Host when processing WMI event command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware +141
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory Corruption in Core due to secure memory access by user while loading modem image. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Authentication Bypass 315 5g Iot Modem Firmware +264
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Memory Corruption in Multi-mode Call Processor while processing bit mask API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow 315 5g Iot Modem Firmware +222
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in WLAN Firmware while parsing rsn ies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware +325
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Apq8064au Firmware +84
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware +155
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Information Disclosure in data Modem while parsing an FMTP line in an SDP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 315 5g Iot Modem Firmware +235
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 315 5g Iot Modem Firmware +241
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in Modem while allocating DSM items. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware +254
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Memory Corruption in Data Modem while making a MO call or MT VOLTE call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +237
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apq8076 Firmware Apq8084 Firmware +265
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in WLAN handler while processing PhyID in Tx status handler. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +193
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +271
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +218
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware +177
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while allocating memory in COmxApeDec module in Audio. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware +182
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in WLAN HOST while receiving an WMI event from firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware +126
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware +281
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Buffer Overflow Wcn3998 Firmware Qca6390 Firmware +163
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in Graphics while importing a file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow 315 5g Iot Modem Firmware 9206 Lte Modem Firmware +218
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy