CVE-2026-25266

all versions

Memory corruption while processing IOCTL command when device is in power-save state.

5.5MEDIUM

CVE-2025-47406

all versions

Information Disclosure while processing IOCTL handler callbacks without verifying buffer size.

6.1MEDIUM

CVE-2025-47403

all versions

Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.

6.5MEDIUM

CVE-2025-47401

all versions

Transient DOS when processing target power rate tables during channel configuration.

6.5MEDIUM

CVE-2026-21382

all versions

Memory Corruption when handling power management requests with improperly sized input/output buffers.

7.8HIGH

CVE-2026-21381

all versions

Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness netwo

7.6HIGH

CVE-2026-21380

all versions

Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.

7.8HIGH

CVE-2026-21378

all versions

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

7.8HIGH

CVE-2026-21376

all versions

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

7.8HIGH

CVE-2026-21375

all versions

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

7.8HIGH

CVE-2026-21374

all versions

Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.

7.8HIGH

CVE-2026-21373

all versions

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

7.8HIGH

CVE-2026-21372

all versions

Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.

7.8HIGH

CVE-2026-21371

all versions

Memory Corruption when retrieving output buffer with insufficient size validation.

7.8HIGH

CVE-2026-21367

all versions

Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.

7.6HIGH

CVE-2025-47390

all versions

Memory corruption while preprocessing IOCTL request in JPEG driver.

7.8HIGH

CVE-2025-47389

all versions

Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.

7.8HIGH

CVE-2025-59603

all versions

Memory Corruption when processing invalid user address with nonstandard buffer address.

7.8HIGH

CVE-2025-47378

all versions

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.

7.1HIGH

CVE-2025-47373

all versions

Memory Corruption when accessing buffers with invalid length during TA invocation.

7.8HIGH

CVE-2025-47402

all versions

Transient DOS when processing a received frame with an excessively large authentication information element.

6.5MEDIUM

CVE-2025-47399

all versions

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.

7.8HIGH

CVE-2025-47356

all versions

Memory Corruption when multiple threads concurrently access and modify shared resources.

7.8HIGH

CVE-2025-47343

all versions

Memory corruption while processing a video session to set video parameters.

7.8HIGH