Snapdragon Xr1 Firmware
Monthly
Transient DOS while processing received beacon frame.
Transient DOS may occur while processing malformed length field in SSID IEs.
Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.
CVE-2025-21432 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while triggering commands in the PlayReady Trusted application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while reading secure file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS may occur while processing the country IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Information disclosure while deriving keys for a session for any Widevine use case. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS while processing received beacon frame.
Transient DOS may occur while processing malformed length field in SSID IEs.
Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.
CVE-2025-21432 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while triggering commands in the PlayReady Trusted application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while reading secure file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS may occur while processing the country IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Information disclosure while deriving keys for a session for any Widevine use case. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.