Snapdragon Auto 5g Modem Rf Gen 2 Firmware
Monthly
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs. [CVSS 7.8 HIGH]
5G Fixed Wireless Access Platform Firmware versions up to - contains a vulnerability that allows attackers to cryptographic issue when a VoWiFi call is triggered from UE (CVSS 7.2).
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources. [CVSS 7.8 HIGH]
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls. [CVSS 7.8 HIGH]
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. [CVSS 7.8 HIGH]
Memory corruption while handling different IOCTL calls from the user-space simultaneously. [CVSS 7.8 HIGH]
Memory Corruption when accessing buffers with invalid length during TA invocation. [CVSS 7.8 HIGH]
5G Fixed Wireless Access Platform Firmware versions up to - is affected by reachable assertion (CVSS 6.5).
Transient DOS when processing a received frame with an excessively large authentication information element. [CVSS 6.5 MEDIUM]
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input. [CVSS 7.1 HIGH]
Memory corruption while processing identity credential operations in the trusted application. [CVSS 7.8 HIGH]
Memory corruption while processing a secure logging command in the trusted application. [CVSS 7.8 HIGH]
Cryptographic issue may occur while encrypting license data. [CVSS 8.4 HIGH]
Memory corruption while deinitializing a HDCP session. [CVSS 7.8 HIGH]
Memory corruption while handling buffer mapping operations in the cryptographic driver. [CVSS 6.6 MEDIUM]
Information disclosure while processing a firmware event. [CVSS 6.1 MEDIUM]
Transient DOS while parsing video packets received from the video firmware. [CVSS 5.5 MEDIUM]
Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption while performing encryption and decryption commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while registering commands from clients with diag through diagHal. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS while parsing the EPTM test control message to get the test pattern. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption while selecting the PLMN from SOR failed list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
information disclosure while invoking calibration data from user space to update firmware size. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
Cryptographic issue while performing RSA PKCS padding decoding. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while performing private key encryption in trusted application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS while creating NDP instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS while processing an ANQP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS while processing a frame with malformed shared-key descriptor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption while handling client exceptions, allowing unauthorized channel access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS while processing CCCH data when NW sends data with invalid length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information disclosure while processing the hash segment in an MBN file. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while reading data from an image using specified offset and size parameters. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while opening a fastrpc session when domain is not sanitized. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS while handling beacon frames with invalid IE header length.
Memory corruption while processing data packets in diag received from Unix clients.
Memory corruption while processing manipulated payload in video firmware.
Memory corruption while processing video packets received from video firmware.
Transient DOS while processing received beacon frame.
Cryptographic issue occurs due to use of insecure connection method while downloading.
Transient DOS may occur while processing malformed length field in SSID IEs.
Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.
CVE-2025-21432 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.
Memory corruption while operating the mailbox in Automotive.
Transient denial-of-service vulnerability in wireless beacon frame processing that occurs when a device receives a malformed EHT (Extremely High Throughput) operation information element. An unauthenticated remote attacker can trigger a temporary service disruption by sending a specially crafted beacon frame, affecting WiFi 6E and later devices. With a CVSS score of 7.5 and high availability impact, this vulnerability requires no user interaction and is network-accessible, making it a notable threat to wireless infrastructure and client devices, though there is currently no evidence of active exploitation in the wild.
Memory corruption may occur while processing voice call registration with user.
Memory corruption vulnerability in Qualcomm's Virtual Machine (VM) attachment mechanism that occurs when the Host Linux OS (HLOS) retains access to a VM during attachment operations. This local privilege escalation vulnerability affects Qualcomm System-on-Chip (SoC) implementations and allows a local attacker with user-level privileges to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has not been reported as actively exploited in the KEV catalog, but the high CVSS score (7.8) and local attack vector indicate significant real-world risk for deployed Qualcomm-based devices.
Transient DOS while parsing per STA profile in ML IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption while decoding of OTA messages from T3448 IE. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption during the FRS UDS generation process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while triggering commands in the PlayReady Trusted application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while reading secure file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing an IOCTL call to set mixer controls. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Memory corruption while sound model registration for voice activation with audio kernel driver. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Memory corruption during concurrent access to server info object due to incorrect reference count update. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption during concurrent access to server info object due to unprotected critical field. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS may occur while parsing SSID in action frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS may occur while parsing EHT operation IE or EHT capability IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption while processing multiple IOCTL calls from HLOS to DSP. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Information disclosure while creating MQ channels. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption while processing IOCTL calls to add route entry in the HW. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while invoking IOCTL map buffer request from userspace. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Cryptographic issues while generating an asymmetric key pair for RKP use cases. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
There may be information disclosure during memory re-allocation in TZ Secure OS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. Rated high severity (CVSS 7.5). No vendor patch available.
Memory corruption while calling the NPU driver APIs concurrently. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS may occur while processing the country IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Memory corruption may occur while accessing a variable during extended back to back tests. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while processing command in Glink linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS during hypervisor virtual I/O operation in a virtual machine. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while deriving keys for a session for any Widevine use case. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption during management frame processing due to mismatch in T2LM info element. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information disclosure while parsing the OCI IE with invalid length. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption while parsing the ML IE due to invalid frame content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption while configuring a Hypervisor based input virtual device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while processing IO control commands. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
Information disclosure during audio playback. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs. [CVSS 7.8 HIGH]
5G Fixed Wireless Access Platform Firmware versions up to - contains a vulnerability that allows attackers to cryptographic issue when a VoWiFi call is triggered from UE (CVSS 7.2).
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources. [CVSS 7.8 HIGH]
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls. [CVSS 7.8 HIGH]
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. [CVSS 7.8 HIGH]
Memory corruption while handling different IOCTL calls from the user-space simultaneously. [CVSS 7.8 HIGH]
Memory Corruption when accessing buffers with invalid length during TA invocation. [CVSS 7.8 HIGH]
5G Fixed Wireless Access Platform Firmware versions up to - is affected by reachable assertion (CVSS 6.5).
Transient DOS when processing a received frame with an excessively large authentication information element. [CVSS 6.5 MEDIUM]
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input. [CVSS 7.1 HIGH]
Memory corruption while processing identity credential operations in the trusted application. [CVSS 7.8 HIGH]
Memory corruption while processing a secure logging command in the trusted application. [CVSS 7.8 HIGH]
Cryptographic issue may occur while encrypting license data. [CVSS 8.4 HIGH]
Memory corruption while deinitializing a HDCP session. [CVSS 7.8 HIGH]
Memory corruption while handling buffer mapping operations in the cryptographic driver. [CVSS 6.6 MEDIUM]
Information disclosure while processing a firmware event. [CVSS 6.1 MEDIUM]
Transient DOS while parsing video packets received from the video firmware. [CVSS 5.5 MEDIUM]
Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption while performing encryption and decryption commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while registering commands from clients with diag through diagHal. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS while parsing the EPTM test control message to get the test pattern. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption while selecting the PLMN from SOR failed list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
information disclosure while invoking calibration data from user space to update firmware size. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
Cryptographic issue while performing RSA PKCS padding decoding. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while performing private key encryption in trusted application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS while creating NDP instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS while processing an ANQP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS while processing a frame with malformed shared-key descriptor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption while handling client exceptions, allowing unauthorized channel access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS while processing CCCH data when NW sends data with invalid length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information disclosure while processing the hash segment in an MBN file. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while reading data from an image using specified offset and size parameters. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while opening a fastrpc session when domain is not sanitized. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS while handling beacon frames with invalid IE header length.
Memory corruption while processing data packets in diag received from Unix clients.
Memory corruption while processing manipulated payload in video firmware.
Memory corruption while processing video packets received from video firmware.
Transient DOS while processing received beacon frame.
Cryptographic issue occurs due to use of insecure connection method while downloading.
Transient DOS may occur while processing malformed length field in SSID IEs.
Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.
CVE-2025-21432 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.
Memory corruption while operating the mailbox in Automotive.
Transient denial-of-service vulnerability in wireless beacon frame processing that occurs when a device receives a malformed EHT (Extremely High Throughput) operation information element. An unauthenticated remote attacker can trigger a temporary service disruption by sending a specially crafted beacon frame, affecting WiFi 6E and later devices. With a CVSS score of 7.5 and high availability impact, this vulnerability requires no user interaction and is network-accessible, making it a notable threat to wireless infrastructure and client devices, though there is currently no evidence of active exploitation in the wild.
Memory corruption may occur while processing voice call registration with user.
Memory corruption vulnerability in Qualcomm's Virtual Machine (VM) attachment mechanism that occurs when the Host Linux OS (HLOS) retains access to a VM during attachment operations. This local privilege escalation vulnerability affects Qualcomm System-on-Chip (SoC) implementations and allows a local attacker with user-level privileges to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has not been reported as actively exploited in the KEV catalog, but the high CVSS score (7.8) and local attack vector indicate significant real-world risk for deployed Qualcomm-based devices.
Transient DOS while parsing per STA profile in ML IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption while decoding of OTA messages from T3448 IE. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption during the FRS UDS generation process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while triggering commands in the PlayReady Trusted application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while reading secure file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing an IOCTL call to set mixer controls. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Memory corruption while sound model registration for voice activation with audio kernel driver. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Memory corruption during concurrent access to server info object due to incorrect reference count update. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption during concurrent access to server info object due to unprotected critical field. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS may occur while parsing SSID in action frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS may occur while parsing EHT operation IE or EHT capability IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption while processing multiple IOCTL calls from HLOS to DSP. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Information disclosure while creating MQ channels. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption while processing IOCTL calls to add route entry in the HW. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while invoking IOCTL map buffer request from userspace. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Cryptographic issues while generating an asymmetric key pair for RKP use cases. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
There may be information disclosure during memory re-allocation in TZ Secure OS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. Rated high severity (CVSS 7.5). No vendor patch available.
Memory corruption while calling the NPU driver APIs concurrently. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS may occur while processing the country IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Memory corruption may occur while accessing a variable during extended back to back tests. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while processing command in Glink linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS during hypervisor virtual I/O operation in a virtual machine. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while deriving keys for a session for any Widevine use case. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption during management frame processing due to mismatch in T2LM info element. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information disclosure while parsing the OCI IE with invalid length. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption while parsing the ML IE due to invalid frame content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption while configuring a Hypervisor based input virtual device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while processing IO control commands. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
Information disclosure during audio playback. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.