CVE-2025-47404

all versions

Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.

6.5MEDIUM

CVE-2025-47379

all versions

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocati

7.8HIGH

CVE-2025-47333

all versions

Memory corruption while handling buffer mapping operations in the cryptographic driver.

6.6MEDIUM

CVE-2025-47330

all versions

Transient DOS while parsing video packets received from the video firmware.

5.5MEDIUM

CVE-2025-47320

all versions

Memory corruption while processing MFC channel configuration during music playback.

7.8HIGH

CVE-2025-27054

all versions

Memory corruption while processing a malformed license file during reboot.

7.8HIGH

CVE-2025-27053

all versions

Memory corruption during PlayReady APP usecase while processing TA commands.

7.8HIGH

CVE-2025-21482

all versions

Cryptographic issue while performing RSA PKCS padding decoding.

7.1HIGH

CVE-2025-21481

all versions

Memory corruption while performing private key encryption in trusted application.

7.8HIGH

CVE-2025-27062

all versions

Memory corruption while handling client exceptions, allowing unauthorized channel access.

7.8HIGH

CVE-2025-21465

all versions

Information disclosure while processing the hash segment in an MBN file.

6.5MEDIUM

CVE-2025-21464

all versions

Information disclosure while reading data from an image using specified offset and size parameters.

6.5MEDIUM

CVE-2025-27061

all versions

Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmwar

7.8HIGH

CVE-2025-27042

all versions

Memory corruption while processing video packets received from video firmware.

7.8HIGH

CVE-2025-21453

all versions

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures oc

7.8HIGH

CVE-2025-21430

all versions

Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.

7.5HIGH

CVE-2025-21429

all versions

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.

7.5HIGH

CVE-2025-21428

all versions

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session

7.5HIGH

CVE-2025-21424

all versions

Memory corruption while calling the NPU driver APIs concurrently.

7.8HIGH

CVE-2024-53014

all versions

Memory corruption may occur while validating ports and channels in Audio driver.

7.8HIGH

CVE-2024-43051

all versions

Information disclosure while deriving keys for a session for any Widevine use case.

5.5MEDIUM

CVE-2024-33056

all versions

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

8.4HIGH

CVE-2024-38422

all versions

Memory corruption while processing voice packet with arbitrary data received from ADSP.

7.8HIGH

CVE-2021-30327

all versions

Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile,

7.5HIGH

CVE-2021-1927

all versions

Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Com

8.4HIGH

CVE-2021-1925

all versions

Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compu

7.5HIGH

CVE-2021-1915

all versions

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute,

7.8HIGH

CVE-2021-1906

all versions

Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdra

6.2MEDIUM

CVE-2021-1905

all versions

Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapd

8.4HIGH

CVE-2021-1895

all versions

Possible integer overflow due to improper length check while flashing an image in Snapdragon Consumer IOT, Snapdragon Industrial I

6.8MEDIUM

CVE-2021-1891

all versions

A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdra

8.4HIGH

CVE-2020-11294

all versions

Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon

5.9MEDIUM

CVE-2020-11293

all versions

Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length rece

5.1MEDIUM

CVE-2020-11289

all versions

Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute,

7.8HIGH

CVE-2020-11288

all versions

Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon

7.8HIGH

CVE-2020-11252

all versions

Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Au

7.2HIGH

CVE-2020-11234

all versions

When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread r

8.4HIGH

CVE-2020-11309

all versions

Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of referenced memory in Snapdragon

7.8HIGH

CVE-2020-11308

all versions

Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is more than required in Snapdrago

6.8MEDIUM

CVE-2020-11290

all versions

Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snap

7.0HIGH

CVE-2020-11227

all versions

Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdrag

9.8CRITICAL

CVE-2020-11226

all versions

Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Comp

7.5HIGH

CVE-2020-11222

all versions

Buffer over read while processing MT SMS with maximum length due to improper length check in Snapdragon Auto, Snapdragon Compute,

9.1CRITICAL

CVE-2020-11221

all versions

Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insuffi

5.5MEDIUM

CVE-2020-11218

all versions

Denial of service in baseband when NW configures LTE betaOffset-RI-Index due to lack of data validation in Snapdragon Auto, Snapdr

7.5HIGH

CVE-2020-11199

all versions

HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in

5.5MEDIUM

CVE-2020-11192

all versions

Out of bound write while parsing SDP string due to missing check on null termination in Snapdragon Auto, Snapdragon Compute, Snapd

9.8CRITICAL

CVE-2020-11190

all versions

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

9.1CRITICAL

CVE-2020-11189

all versions

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

9.1CRITICAL

CVE-2020-11188

all versions

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

9.1CRITICAL

CVE-2020-11186

all versions

Modem will enter into busy mode in an infinite loop while parsing histogram dimension due to improper validation of input received

5.5MEDIUM

CVE-2020-11171

all versions

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

9.1CRITICAL

CVE-2020-11166

all versions

Potential out of bound read exception when UE receives unusually large number of padding octets in the beginning of ROHC header in

9.1CRITICAL