Skip to main content

Snapdragon X55 5g Modem Rf System Firmware

196 CVEs product

Monthly

CVE-2026-21385 HIGH POC KEV PATCH THREAT Act Now

A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memory allocation, enabling local privilege escalation to kernel level. KEV-listed and patched, this vulnerability affects Qualcomm-based mobile devices and embedded systems, potentially impacting billions of Android devices globally.

Memory Corruption Wcn3990 Firmware Sa8155 Firmware Sw5100p Firmware Qcn9024 Firmware +222
NVD VulDB GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-47386 HIGH PATCH This Week

Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs. [CVSS 7.8 HIGH]

Memory Corruption Fwa Gen 3 Ultra Firmware Qca9377 Firmware Sda660 Firmware Robotics Rb2 Platform Firmware +158
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47384 MEDIUM This Month

5G Fixed Wireless Access Platform Firmware versions up to - is affected by reachable assertion (CVSS 6.5).

Denial Of Service Qca6391 Firmware 5g Fixed Wireless Access Platform Firmware Snapdragon 690 5g Mobile Platform Firmware Wsa8835 Firmware +34
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-47383 HIGH This Week

5G Fixed Wireless Access Platform Firmware versions up to - contains a vulnerability that allows attackers to cryptographic issue when a VoWiFi call is triggered from UE (CVSS 7.2).

Information Disclosure Snapdragon 820am Firmware Video Collaboration Vc3 Platform Firmware Sw5100p Firmware Sm6250 Firmware +190
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-47379 HIGH PATCH This Week

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources. [CVSS 7.8 HIGH]

Memory Corruption Qualcomm 215 Mobile Platform Firmware Qcm2290 Firmware Qca9377 Firmware Qca6574 Firmware +166
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47378 HIGH This Week

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain. [CVSS 7.1 HIGH]

Information Disclosure Fastconnect 6900 Firmware Snapdragon Xr2 5g Platform Firmware Sar2230p Firmware Snapdragon Ar1 Gen 1 Platform Firmware +67
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-47376 HIGH PATCH This Week

Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. [CVSS 7.8 HIGH]

Memory Corruption Sa8145p Firmware Fastconnect 6200 Firmware Lemansau Firmware Sa8195p Firmware +158
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47375 HIGH PATCH This Week

Memory corruption while handling different IOCTL calls from the user-space simultaneously. [CVSS 7.8 HIGH]

Memory Corruption Wsa8845 Firmware Qca6678aq Firmware Qcs2290 Firmware Mdm9628 Firmware +157
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47371 MEDIUM This Month

5G Fixed Wireless Access Platform Firmware versions up to - is affected by reachable assertion (CVSS 6.5).

Denial Of Service Wcn3950 Firmware Snapdragon 7c Gen 2 Compute Platform Firmware Wcd9340 Firmware Wsa8830 Firmware +117
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-47369 MEDIUM PATCH This Month

Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID. [CVSS 5.5 MEDIUM]

Information Disclosure Snapdragon 660 Mobile Platform Firmware Snapdragon Xr2 5g Platform Firmware Sa6145p Firmware Snapdragon X55 5g Modem Rf System Firmware +154
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47348 HIGH This Week

Memory corruption while processing identity credential operations in the trusted application. [CVSS 7.8 HIGH]

Memory Corruption Qca6696 Firmware Qamsrv1m Firmware Qam8620p Firmware Qca6688aq Firmware +181
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47333 MEDIUM PATCH This Month

Memory corruption while handling buffer mapping operations in the cryptographic driver. [CVSS 6.6 MEDIUM]

Memory Corruption Snapdragon 778g 5g Mobile Platform Firmware Sa6150p Firmware Qam8650p Firmware Qfw7114 Firmware +217
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-47331 MEDIUM PATCH This Month

Information disclosure while processing a firmware event. [CVSS 6.1 MEDIUM]

Information Disclosure Ipq9048 Firmware Wsa8840 Firmware Qcm8550 Firmware Qca9888 Firmware +278
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-47330 MEDIUM PATCH This Month

Transient DOS while parsing video packets received from the video firmware. [CVSS 5.5 MEDIUM]

Denial Of Service Fastconnect 6700 Firmware Qca6574a Firmware Qca9377 Firmware Snapdragon X72 5g Modem Rf System Firmware +202
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27070 HIGH This Month

Memory corruption while performing encryption and decryption commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Qcs615 Firmware Qcs6490 Firmware Qcs8300 Firmware +171
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47318 HIGH This Week

Transient DOS while parsing the EPTM test control message to get the test pattern. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apq8017 Firmware Apq8064au Firmware Aqt1000 Firmware Ar8031 Firmware +198
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-27037 HIGH This Month

Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Fastconnect 6800 Firmware Fastconnect 6900 Firmware +35
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27034 CRITICAL This Week

Memory corruption while selecting the PLMN from SOR failed list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qca6174a Firmware Qca6391 Firmware +107
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-27032 HIGH This Month

memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +187
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21487 HIGH This Month

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apq8017 Firmware Apq8064au Firmware Aqt1000 Firmware +222
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-21484 HIGH This Month

Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Sm8750 Firmware Sm8750p Firmware Sm8850 Firmware +170
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-21483 CRITICAL This Week

Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apq8017 Firmware Apq8064au Firmware Aqt1000 Firmware Fastconnect 6200 Firmware +221
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-21482 HIGH This Month

Cryptographic issue while performing RSA PKCS padding decoding. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +283
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-21481 HIGH This Month

Memory corruption while performing private key encryption in trusted application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +245
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27071 HIGH This Month

Memory corruption while processing specific files in Powerline Communication Firmware. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qca6391 Firmware +30
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-27066 HIGH This Month

Transient DOS while processing an ANQP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +366
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-21477 HIGH This Month

Transient DOS while processing CCCH data when NW sends data with invalid length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +83
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-21474 HIGH This Month

Memory corruption while processing commands from A2dp sink command queue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Fastconnect 6800 Firmware Fastconnect 6900 Firmware +43
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21465 MEDIUM This Month

Information disclosure while processing the hash segment in an MBN file. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware Ipq5300 Firmware Qca9984 Firmware +344
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-21464 MEDIUM This Month

Information disclosure while reading data from an image using specified offset and size parameters. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware Ipq5300 Firmware Qca9984 Firmware +337
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-21455 HIGH This Month

Memory corruption while submitting blob data to kernel space though IOCTL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qca6391 Firmware +25
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21452 HIGH This Month

Transient DOS while processing a random-access response (RAR) with an invalid PDU length on LTE network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +76
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-21479 HIGH KEV THREAT Act Now

A second Qualcomm GPU micronode memory corruption vulnerability (CVE-2025-21479, CVSS 8.6) exists in the unauthorized command execution path during specific GPU command sequences. KEV-listed alongside CVE-2025-21480, this indicates a systemic issue in Qualcomm's GPU micronode command validation that is being actively exploited in mobile attack chains.

Memory Corruption Command Injection RCE Wcn7881 Firmware Snapdragon 888 5g Mobile Platform Firmware +62
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-21480 HIGH KEV THREAT Act Now

Qualcomm GPU micronode contains a memory corruption vulnerability (CVE-2025-21480, CVSS 8.6) caused by unauthorized command execution during specific GPU command sequences. KEV-listed, this vulnerability enables privilege escalation from the GPU context, potentially allowing app-level attackers to gain kernel access through the GPU driver on Qualcomm-based Android devices.

Memory Corruption Command Injection RCE Wsa8832 Firmware Fastconnect 6700 Firmware +63
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2024-53026 HIGH This Week

CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoLTE and VoWiFi call processing. When a malicious or malformed RTCP (Real-time Transport Control Protocol) packet is received during an active call, the vulnerable system leaks sensitive information to a network-adjacent attacker without requiring authentication or user interaction. The CVSS 8.2 rating reflects high confidentiality impact with partial availability degradation; exploitation likelihood and real-world activity status require cross-referencing with EPSS and KEV data.

Information Disclosure Wcd9335 Firmware Sm7325p Firmware Qcn9274 Firmware Sa6155 Firmware +207
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-53021 HIGH This Week

CVE-2024-53021 is an information disclosure vulnerability in RTCP (Real-time Transport Control Protocol) packet processing that allows unauthenticated remote attackers to leak sensitive data through malicious goodbye (BYE) RTCP packets. The vulnerability affects multiple VoIP and real-time communication products processing RTCP traffic; attackers can extract confidential information across the network without authentication or user interaction, and may also cause limited availability impact. The high CVSS score of 8.2 reflects the severe confidentiality impact and network-based attack vector, though exploitation complexity is low.

Information Disclosure Qcn9011 Firmware Wcn7860 Firmware Wcd9340 Firmware Wcn6450 Firmware +198
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-53020 HIGH This Week

CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that occurs when decoding packets with malformed header extensions. An attacker on the network can send specially crafted RTP packets to trigger memory disclosure, potentially exposing sensitive information while also causing minor availability impact. The vulnerability affects multiple implementations of RTP protocol handling across various media processing frameworks and VoIP applications; while there is no confirmed active KEV status or public exploit code documented, the high CVSS score (8.2) combined with network accessibility (CVSS:3.1/AV:N) indicates significant real-world risk to exposed services.

Information Disclosure Sa8650p Firmware Apq8017 Firmware Qamsrv1h Firmware Wcn3610 Firmware +207
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-53016 MEDIUM This Month

CVE-2024-53016 is a security vulnerability (CVSS 6.6). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Wcn3660b Firmware Wcn3980 Firmware Wsa8810 Firmware Wcd9385 Firmware +27
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2024-53015 MEDIUM This Month

Memory corruption while processing IOCTL command to handle buffers associated with a session.

Use After Free Buffer Overflow Memory Corruption Wcd9340 Firmware Snapdragon 480 5g Mobile Platform Firmware +78
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2024-53013 MEDIUM This Month

Memory corruption may occur while processing voice call registration with user.

Buffer Overflow Qca9367 Firmware Wcn3620 Firmware Wsa8810 Firmware Wsa8815 Firmware +54
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2024-53010 HIGH This Week

Memory corruption vulnerability in Qualcomm's Virtual Machine (VM) attachment mechanism that occurs when the Host Linux OS (HLOS) retains access to a VM during attachment operations. This local privilege escalation vulnerability affects Qualcomm System-on-Chip (SoC) implementations and allows a local attacker with user-level privileges to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has not been reported as actively exploited in the KEV catalog, but the high CVSS score (7.8) and local attack vector indicate significant real-world risk for deployed Qualcomm-based devices.

VMware Memory Corruption Denial Of Service Qca8081 Firmware Qcn9011 Firmware +165
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-45570 MEDIUM PATCH This Month

Memory corruption may occur during IO configuration processing when the IO port count is invalid. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Qca6391 Firmware Qca6426 Firmware Qca6436 Firmware +54
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45566 HIGH PATCH This Week

Memory corruption during concurrent buffer access due to modification of the reference count. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow Fastconnect 6800 Firmware Fastconnect 6900 Firmware +20
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45564 HIGH PATCH This Week

Memory corruption during concurrent access to server info object due to incorrect reference count update. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6800 Firmware +59
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45562 MEDIUM PATCH This Month

Memory corruption during concurrent access to server info object due to unprotected critical field. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6800 Firmware +76
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-21448 HIGH This Week

Transient DOS may occur while parsing SSID in action frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qcn9070 Firmware Qcn9072 Firmware Qcn9074 Firmware Qcn9100 Firmware +263
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-21435 HIGH This Week

Transient DOS may occur while parsing extended IE in beacon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +145
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-21430 HIGH This Week

Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Apq8017 Firmware Apq8064au Firmware Aqt1000 Firmware +219
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-21429 HIGH This Week

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Sa9000p Firmware Sd626 Firmware Sd660 Firmware Sd670 Firmware +178
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-45552 HIGH This Week

Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apq8064au Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +142
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-45551 MEDIUM This Month

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fastconnect 6700 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +236
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-45549 HIGH This Month

Information disclosure while creating MQ channels. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sm8550p Firmware Sm8635 Firmware Sm8635p Firmware Sm8650q Firmware +154
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2024-45544 MEDIUM This Month

Memory corruption while processing IOCTL calls to add route entry in the HW. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6800 Firmware +42
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45543 MEDIUM This Month

Memory corruption while accessing MSM channel map and mixer functions. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware +62
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45540 MEDIUM This Month

Memory corruption while invoking IOCTL map buffer request from userspace. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6200 Firmware +66
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-43067 HIGH This Week

Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qca6391 Firmware Qca6426 Firmware Qca6436 Firmware Qca6574au Firmware +54
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43066 HIGH This Week

Memory corruption while handling file descriptor during listener registration/de-registration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Csrb31024 Firmware Fastconnect 6200 Firmware +96
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43065 HIGH This Week

Cryptographic issues while generating an asymmetric key pair for RKP use cases. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fastconnect 7800 Firmware Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware +160
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-43046 MEDIUM This Month

There may be information disclosure during memory re-allocation in TZ Secure OS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Csr8811 Firmware Csra6620 Firmware Csra6640 Firmware Fastconnect 6200 Firmware +304
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-33058 HIGH This Month

Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +185
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-43052 HIGH This Week

Memory corruption while processing API calls to NPU with invalid input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apq8017 Firmware Apq8037 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +85
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33056 HIGH This Week

Memory corruption when allocating and accessing an entry in an SMEM partition continuously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +319
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33053 MEDIUM PATCH This Month

Memory corruption when multiple threads try to unregister the CVP buffer at the same time. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption C V2x 9150 Firmware Fastconnect 6200 Firmware +53
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-33044 HIGH This Week

Memory corruption while Configuring the SMR/S2CR register in Bypass mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware Csrb31024 Firmware +204
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33040 HIGH PATCH This Week

Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6800 Firmware Fastconnect 6900 Firmware +27
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-33037 MEDIUM PATCH This Month

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure C V2x 9150 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +47
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-33036 MEDIUM PATCH This Month

Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption C V2x 9150 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +48
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-38423 HIGH PATCH This Week

Memory corruption while processing GPU page table switch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Wsa8835 Firmware Wsa8830 Firmware Wsa8815 Firmware Wsa8810 Firmware +199
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38422 HIGH PATCH This Week

Memory corruption while processing voice packet with arbitrary data received from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +259
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38415 HIGH PATCH This Week

Memory corruption while handling session errors from firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +170
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38408 CRITICAL PATCH Act Now

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +225
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-33032 MEDIUM PATCH This Month

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Wsa8835 Firmware Wsa8832 Firmware Wsa8830 Firmware Wsa8815 Firmware +63
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-33069 HIGH This Week

Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Wsa8835 Firmware Wsa8830 Firmware +42
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-23369 HIGH This Week

Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Snapdragon 888 5G Mobile Platform Sm8350 Ac Firmware Snapdragon 865 5G Mobile Platform Sm8250 Ab Firmware Wsa8845h Firmware Wsa8845 Firmware +114
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33060 HIGH PATCH This Week

Memory corruption when two threads try to map and unmap a single node simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption 315 5g Iot Firmware Aqt1000 Firmware +241
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33052 HIGH PATCH This Week

Memory corruption when user provides data for FM HCI command control operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apq8017 Firmware Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +193
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33048 HIGH PATCH This Week

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +183
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33043 MEDIUM PATCH This Month

Transient DOS while handling PS event when Program Service name length offset value is set to 255. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Apq8017 Firmware Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +193
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-33042 HIGH PATCH This Week

Memory corruption when Alternative Frequency offset value is set to 255. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apq8017 Firmware Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +192
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33035 HIGH This Week

Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Qam8255p Firmware Qam8620p Firmware Qam8650p Firmware +86
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-33016 MEDIUM This Month

memory corruption when an invalid firehose patch command is invoked. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qcn9000 Firmware Qcn9011 Firmware Qcn9012 Firmware Qcn9013 Firmware +327
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-23364 HIGH This Week

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +173
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23362 HIGH This Week

Cryptographic issue while parsing RSA keys in COBR format. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +226
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-23359 HIGH This Week

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qcn9024 Firmware Qcs4490 Firmware Qcs5430 Firmware +156
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-33027 HIGH PATCH This Week

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware +87
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33025 HIGH PATCH This Week

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Csr8811 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +163
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33024 HIGH PATCH This Week

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware +176
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33020 HIGH PATCH This Week

Transient DOS while processing TID-to-link mapping IE elements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +92
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33014 HIGH PATCH This Week

Transient DOS while parsing ESP IE from beacon/probe response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow 315 5g Iot Modem Firmware Apq8064au Firmware Aqt1000 Firmware Ar8031 Firmware +315
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23357 MEDIUM This Month

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Sg8275p Firmware Sm7250p Firmware Qcm8550 Firmware Qcs8250 Firmware Qcs6125 Firmware +233
NVD
CVSS 3.1
5.5
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memory allocation, enabling local privilege escalation to kernel level. KEV-listed and patched, this vulnerability affects Qualcomm-based mobile devices and embedded systems, potentially impacting billions of Android devices globally.

Memory Corruption Wcn3990 Firmware Sa8155 Firmware +224
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs. [CVSS 7.8 HIGH]

Memory Corruption Fwa Gen 3 Ultra Firmware Qca9377 Firmware +160
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

5G Fixed Wireless Access Platform Firmware versions up to - is affected by reachable assertion (CVSS 6.5).

Denial Of Service Qca6391 Firmware 5g Fixed Wireless Access Platform Firmware +36
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

5G Fixed Wireless Access Platform Firmware versions up to - contains a vulnerability that allows attackers to cryptographic issue when a VoWiFi call is triggered from UE (CVSS 7.2).

Information Disclosure Snapdragon 820am Firmware Video Collaboration Vc3 Platform Firmware +192
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources. [CVSS 7.8 HIGH]

Memory Corruption Qualcomm 215 Mobile Platform Firmware Qcm2290 Firmware +168
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain. [CVSS 7.1 HIGH]

Information Disclosure Fastconnect 6900 Firmware Snapdragon Xr2 5g Platform Firmware +69
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. [CVSS 7.8 HIGH]

Memory Corruption Sa8145p Firmware Fastconnect 6200 Firmware +160
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while handling different IOCTL calls from the user-space simultaneously. [CVSS 7.8 HIGH]

Memory Corruption Wsa8845 Firmware Qca6678aq Firmware +159
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

5G Fixed Wireless Access Platform Firmware versions up to - is affected by reachable assertion (CVSS 6.5).

Denial Of Service Wcn3950 Firmware Snapdragon 7c Gen 2 Compute Platform Firmware +119
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID. [CVSS 5.5 MEDIUM]

Information Disclosure Snapdragon 660 Mobile Platform Firmware Snapdragon Xr2 5g Platform Firmware +156
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while processing identity credential operations in the trusted application. [CVSS 7.8 HIGH]

Memory Corruption Qca6696 Firmware Qamsrv1m Firmware +183
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Memory corruption while handling buffer mapping operations in the cryptographic driver. [CVSS 6.6 MEDIUM]

Memory Corruption Snapdragon 778g 5g Mobile Platform Firmware Sa6150p Firmware +219
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Information disclosure while processing a firmware event. [CVSS 6.1 MEDIUM]

Information Disclosure Ipq9048 Firmware Wsa8840 Firmware +280
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Transient DOS while parsing video packets received from the video firmware. [CVSS 5.5 MEDIUM]

Denial Of Service Fastconnect 6700 Firmware Qca6574a Firmware +204
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Memory corruption while performing encryption and decryption commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Qcs615 Firmware +173
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while parsing the EPTM test control message to get the test pattern. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apq8017 Firmware Apq8064au Firmware +200
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free +37
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

Memory corruption while selecting the PLMN from SOR failed list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware +109
NVD
EPSS 0% CVSS 7.8
HIGH This Month

memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware +189
NVD
EPSS 0% CVSS 8.2
HIGH This Month

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apq8017 Firmware +224
NVD
EPSS 0% CVSS 8.2
HIGH This Month

Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Sm8750 Firmware +172
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apq8017 Firmware Apq8064au Firmware +223
NVD
EPSS 0% CVSS 7.1
HIGH This Month

Cryptographic issue while performing RSA PKCS padding decoding. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +285
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Memory corruption while performing private key encryption in trusted application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +247
NVD
EPSS 0% CVSS 7.3
HIGH This Month

Memory corruption while processing specific files in Powerline Communication Firmware. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6800 Firmware Fastconnect 6900 Firmware +32
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Transient DOS while processing an ANQP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Aqt1000 Firmware +368
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Transient DOS while processing CCCH data when NW sends data with invalid length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Ar8035 Firmware +85
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Memory corruption while processing commands from A2dp sink command queue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free +45
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Information disclosure while processing the hash segment in an MBN file. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware +346
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Information disclosure while reading data from an image using specified offset and size parameters. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware +339
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Memory corruption while submitting blob data to kernel space though IOCTL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6800 Firmware Fastconnect 6900 Firmware +27
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Transient DOS while processing a random-access response (RAR) with an invalid PDU length on LTE network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Ar8035 Firmware +78
NVD
EPSS 0% CVSS 8.6
HIGH KEV THREAT Act Now

A second Qualcomm GPU micronode memory corruption vulnerability (CVE-2025-21479, CVSS 8.6) exists in the unauthorized command execution path during specific GPU command sequences. KEV-listed alongside CVE-2025-21480, this indicates a systemic issue in Qualcomm's GPU micronode command validation that is being actively exploited in mobile attack chains.

Memory Corruption Command Injection RCE +64
NVD
EPSS 2% CVSS 8.6
HIGH KEV THREAT Act Now

Qualcomm GPU micronode contains a memory corruption vulnerability (CVE-2025-21480, CVSS 8.6) caused by unauthorized command execution during specific GPU command sequences. KEV-listed, this vulnerability enables privilege escalation from the GPU context, potentially allowing app-level attackers to gain kernel access through the GPU driver on Qualcomm-based Android devices.

Memory Corruption Command Injection RCE +65
NVD
EPSS 0% CVSS 8.2
HIGH This Week

CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoLTE and VoWiFi call processing. When a malicious or malformed RTCP (Real-time Transport Control Protocol) packet is received during an active call, the vulnerable system leaks sensitive information to a network-adjacent attacker without requiring authentication or user interaction. The CVSS 8.2 rating reflects high confidentiality impact with partial availability degradation; exploitation likelihood and real-world activity status require cross-referencing with EPSS and KEV data.

Information Disclosure Wcd9335 Firmware Sm7325p Firmware +209
NVD
EPSS 0% CVSS 8.2
HIGH This Week

CVE-2024-53021 is an information disclosure vulnerability in RTCP (Real-time Transport Control Protocol) packet processing that allows unauthenticated remote attackers to leak sensitive data through malicious goodbye (BYE) RTCP packets. The vulnerability affects multiple VoIP and real-time communication products processing RTCP traffic; attackers can extract confidential information across the network without authentication or user interaction, and may also cause limited availability impact. The high CVSS score of 8.2 reflects the severe confidentiality impact and network-based attack vector, though exploitation complexity is low.

Information Disclosure Qcn9011 Firmware Wcn7860 Firmware +200
NVD
EPSS 0% CVSS 8.2
HIGH This Week

CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that occurs when decoding packets with malformed header extensions. An attacker on the network can send specially crafted RTP packets to trigger memory disclosure, potentially exposing sensitive information while also causing minor availability impact. The vulnerability affects multiple implementations of RTP protocol handling across various media processing frameworks and VoIP applications; while there is no confirmed active KEV status or public exploit code documented, the high CVSS score (8.2) combined with network accessibility (CVSS:3.1/AV:N) indicates significant real-world risk to exposed services.

Information Disclosure Sa8650p Firmware Apq8017 Firmware +209
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

CVE-2024-53016 is a security vulnerability (CVSS 6.6). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Wcn3660b Firmware Wcn3980 Firmware +29
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Memory corruption while processing IOCTL command to handle buffers associated with a session.

Use After Free Buffer Overflow Memory Corruption +80
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Memory corruption may occur while processing voice call registration with user.

Buffer Overflow Qca9367 Firmware Wcn3620 Firmware +56
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption vulnerability in Qualcomm's Virtual Machine (VM) attachment mechanism that occurs when the Host Linux OS (HLOS) retains access to a VM during attachment operations. This local privilege escalation vulnerability affects Qualcomm System-on-Chip (SoC) implementations and allows a local attacker with user-level privileges to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has not been reported as actively exploited in the KEV catalog, but the high CVSS score (7.8) and local attack vector indicate significant real-world risk for deployed Qualcomm-based devices.

VMware Memory Corruption Denial Of Service +167
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Memory corruption may occur during IO configuration processing when the IO port count is invalid. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Qca6391 Firmware +56
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption during concurrent buffer access due to modification of the reference count. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow +22
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption during concurrent access to server info object due to incorrect reference count update. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow +61
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Memory corruption during concurrent access to server info object due to unprotected critical field. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow +78
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS may occur while parsing SSID in action frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qcn9070 Firmware Qcn9072 Firmware +265
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS may occur while parsing extended IE in beacon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware +147
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Apq8017 Firmware +221
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Sa9000p Firmware Sd626 Firmware +180
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apq8064au Firmware +144
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fastconnect 6700 Firmware Fastconnect 6800 Firmware +238
NVD
EPSS 0% CVSS 7.7
HIGH This Month

Information disclosure while creating MQ channels. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sm8550p Firmware Sm8635 Firmware +156
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Memory corruption while processing IOCTL calls to add route entry in the HW. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow +44
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Memory corruption while accessing MSM channel map and mixer functions. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow C V2x 9150 Firmware +64
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Memory corruption while invoking IOCTL map buffer request from userspace. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow +68
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qca6391 Firmware Qca6426 Firmware +56
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while handling file descriptor during listener registration/de-registration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow +98
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cryptographic issues while generating an asymmetric key pair for RKP use cases. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fastconnect 7800 Firmware Qam8255p Firmware +162
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

There may be information disclosure during memory re-allocation in TZ Secure OS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Csr8811 Firmware Csra6620 Firmware +306
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware +187
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while processing API calls to NPU with invalid input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apq8017 Firmware Apq8037 Firmware +87
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption when allocating and accessing an entry in an SMEM partition continuously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +321
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Memory corruption when multiple threads try to unregister the CVP buffer at the same time. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +55
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while Configuring the SMR/S2CR register in Bypass mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +206
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +29
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure C V2x 9150 Firmware +49
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption C V2x 9150 Firmware +50
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while processing GPU page table switch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Wsa8835 Firmware Wsa8830 Firmware +201
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while processing voice packet with arbitrary data received from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware +261
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while handling session errors from firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +172
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wsa8845h Firmware Wsa8845 Firmware +227
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Wsa8835 Firmware Wsa8832 Firmware +65
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +44
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Snapdragon 888 5G Mobile Platform Sm8350 Ac Firmware Snapdragon 865 5G Mobile Platform Sm8250 Ab Firmware +116
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when two threads try to map and unmap a single node simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +243
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when user provides data for FM HCI command control operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apq8017 Firmware Aqt1000 Firmware +195
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware +185
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Transient DOS while handling PS event when Program Service name length offset value is set to 255. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Apq8017 Firmware Aqt1000 Firmware +195
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when Alternative Frequency offset value is set to 255. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apq8017 Firmware Aqt1000 Firmware +194
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Qam8255p Firmware +88
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

memory corruption when an invalid firehose patch command is invoked. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qcn9000 Firmware Qcn9011 Firmware +329
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware +175
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cryptographic issue while parsing RSA keys in COBR format. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure 9205 Lte Modem Firmware Aqt1000 Firmware +228
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qcn9024 Firmware +158
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Buffer Overflow 315 5g Iot Modem Firmware +89
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Csr8811 Firmware Fastconnect 6800 Firmware +165
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Ar8035 Firmware +178
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Transient DOS while processing TID-to-link mapping IE elements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Fastconnect 6700 Firmware +94
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Transient DOS while parsing ESP IE from beacon/probe response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow 315 5g Iot Modem Firmware Apq8064au Firmware +317
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Sg8275p Firmware Sm7250p Firmware Qcm8550 Firmware +235
NVD
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy