CVE-2025-47403

all versions

Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.

6.5MEDIUM

CVE-2025-47401

all versions

Transient DOS when processing target power rate tables during channel configuration.

6.5MEDIUM

CVE-2025-47392

all versions

Memory corruption when decoding corrupted satellite data files with invalid signature offsets.

8.8HIGH

CVE-2026-21385

all versions

Memory corruption while using alignments for memory allocation.

7.8HIGH

CVE-2025-59600

all versions

Memory Corruption when adding user-supplied data without checking available buffer space.

7.8HIGH

CVE-2025-47383

all versions

Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.

7.2HIGH

CVE-2025-47371

all versions

Transient DOS when an LTE RLC packet with invalid TB is received by UE.

6.5MEDIUM

CVE-2025-47369

all versions

Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.

5.5MEDIUM

CVE-2025-47348

all versions

Memory corruption while processing identity credential operations in the trusted application.

7.8HIGH

CVE-2025-47333

all versions

Memory corruption while handling buffer mapping operations in the cryptographic driver.

6.6MEDIUM

CVE-2025-47331

all versions

Information disclosure while processing a firmware event.

6.1MEDIUM

CVE-2025-47330

all versions

Transient DOS while parsing video packets received from the video firmware.

5.5MEDIUM

CVE-2025-47323

all versions

Memory corruption while routing GPR packets between user and root when handling large data packet.

7.8HIGH

CVE-2025-47321

all versions

Memory corruption while copying packets received from unix clients.

7.8HIGH

CVE-2025-27070

all versions

Memory corruption while performing encryption and decryption commands.

7.8HIGH

CVE-2025-27054

all versions

Memory corruption while processing a malformed license file during reboot.

7.8HIGH

CVE-2025-27053

all versions

Memory corruption during PlayReady APP usecase while processing TA commands.

7.8HIGH

CVE-2025-47318

all versions

Transient DOS while parsing the EPTM test control message to get the test pattern.

7.5HIGH

CVE-2025-27034

all versions

Memory corruption while selecting the PLMN from SOR failed list.

9.8CRITICAL

CVE-2025-21482

all versions

Cryptographic issue while performing RSA PKCS padding decoding.

7.1HIGH

CVE-2025-21481

all versions

Memory corruption while performing private key encryption in trusted application.

7.8HIGH

CVE-2025-27066

all versions

Transient DOS while processing an ANQP message.

7.5HIGH

CVE-2025-27062

all versions

Memory corruption while handling client exceptions, allowing unauthorized channel access.

7.8HIGH

CVE-2025-21465

all versions

Information disclosure while processing the hash segment in an MBN file.

6.5MEDIUM

CVE-2025-21464

all versions

Information disclosure while reading data from an image using specified offset and size parameters.

6.5MEDIUM

CVE-2025-27061

all versions

Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmwar

7.8HIGH

CVE-2025-27042

all versions

Memory corruption while processing video packets received from video firmware.

7.8HIGH

CVE-2025-21454

all versions

Transient DOS while processing received beacon frame.

7.5HIGH

CVE-2025-21450

all versions

Cryptographic issue occurs due to use of insecure connection method while downloading.

9.1CRITICAL

CVE-2025-21449

all versions

Transient DOS may occur while processing malformed length field in SSID IEs.

7.5HIGH

CVE-2025-21446

all versions

Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.

7.5HIGH

CVE-2025-21433

all versions

Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.

6.2MEDIUM

CVE-2025-21432

all versions

Memory corruption while retrieving the CBOR data from TA.

7.8HIGH

CVE-2025-21422

all versions

Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.

7.1HIGH

CVE-2025-21468

all versions

Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null

7.8HIGH

CVE-2025-21453

all versions

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures oc

7.8HIGH

CVE-2025-21448

all versions

Transient DOS may occur while parsing SSID in action frames.

7.5HIGH

CVE-2025-21430

all versions

Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.

7.5HIGH

CVE-2025-21429

all versions

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.

7.5HIGH

CVE-2024-45551

all versions

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification fai

6.2MEDIUM

CVE-2024-45549

all versions

Information disclosure while creating MQ channels.

7.7HIGH

CVE-2024-43046

all versions

There may be information disclosure during memory re-allocation in TZ Secure OS.

5.5MEDIUM

CVE-2025-21424

all versions

Memory corruption while calling the NPU driver APIs concurrently.

7.8HIGH

CVE-2024-53027

all versions

Transient DOS may occur while processing the country IE.

7.5HIGH

CVE-2024-53024

all versions

Memory corruption in display driver while detaching a device.

7.8HIGH

CVE-2024-53014

all versions

Memory corruption may occur while validating ports and channels in Audio driver.

7.8HIGH

CVE-2024-43051

all versions

Information disclosure while deriving keys for a session for any Widevine use case.

5.5MEDIUM

CVE-2024-38426

all versions

While processing the authentication message in UE, improper authentication may lead to information disclosure.

5.4MEDIUM

CVE-2024-49838

all versions

Information disclosure while parsing the OCI IE with invalid length.

8.2HIGH

CVE-2024-33056

all versions

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

8.4HIGH

CVE-2024-38423

all versions

Memory corruption while processing GPU page table switch.

7.8HIGH

CVE-2024-38415

all versions

Memory corruption while handling session errors from firmware.

7.8HIGH

CVE-2024-38408

all versions

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

8.2HIGH

CVE-2024-23385

all versions

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.

7.5HIGH

CVE-2024-38402

all versions

Memory corruption while processing IOCTL call for getting group info.

7.8HIGH

CVE-2024-33060

all versions

Memory corruption when two threads try to map and unmap a single node simultaneously.

8.4HIGH

CVE-2024-33051

all versions

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

7.5HIGH

CVE-2024-33050

all versions

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improp

7.5HIGH

CVE-2024-33045

all versions

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

8.4HIGH

CVE-2024-33016

all versions

memory corruption when an invalid firehose patch command is invoked.

6.8MEDIUM

CVE-2024-23364

all versions

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of

7.5HIGH

CVE-2024-23362

all versions

Cryptographic issue while parsing RSA keys in COBR format.

7.1HIGH

CVE-2024-23359

all versions

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.

8.2HIGH