CVE-2026-24082

all versions

Memory Corruption when copying data from a freed source while executing performance counter deselect operation.

7.8HIGH

CVE-2025-47407

all versions

Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.

7.8HIGH

CVE-2025-47404

all versions

Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.

6.5MEDIUM

CVE-2025-47403

all versions

Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.

6.5MEDIUM

CVE-2025-47401

all versions

Transient DOS when processing target power rate tables during channel configuration.

6.5MEDIUM

CVE-2026-21381

all versions

Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness netwo

7.6HIGH

CVE-2026-21367

all versions

Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.

7.6HIGH

CVE-2025-47392

all versions

Memory corruption when decoding corrupted satellite data files with invalid signature offsets.

8.8HIGH

CVE-2025-47391

all versions

Memory corruption while processing a frame request from user.

7.8HIGH

CVE-2025-47389

all versions

Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.

7.8HIGH

CVE-2026-21385

all versions

Memory corruption while using alignments for memory allocation.

7.8HIGH

CVE-2025-59600

all versions

Memory Corruption when adding user-supplied data without checking available buffer space.

7.8HIGH

CVE-2025-47386

all versions

Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.

7.8HIGH

CVE-2025-47383

all versions

Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.

7.2HIGH

CVE-2025-47379

all versions

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocati

7.8HIGH

CVE-2025-47377

all versions

Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.

7.8HIGH

CVE-2025-47376

all versions

Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.

7.8HIGH

CVE-2025-47375

all versions

Memory corruption while handling different IOCTL calls from the user-space simultaneously.

7.8HIGH

CVE-2025-47373

all versions

Memory Corruption when accessing buffers with invalid length during TA invocation.

7.8HIGH

CVE-2025-47371

all versions

Transient DOS when an LTE RLC packet with invalid TB is received by UE.

6.5MEDIUM

CVE-2025-47398

all versions

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.

7.8HIGH

CVE-2025-47397

all versions

Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.

7.8HIGH

CVE-2025-47366

all versions

Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.

7.1HIGH

CVE-2025-47369

all versions

Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.

5.5MEDIUM

CVE-2025-47348

all versions

Memory corruption while processing identity credential operations in the trusted application.

7.8HIGH

CVE-2025-47346

all versions

Memory corruption while processing a secure logging command in the trusted application.

7.8HIGH

CVE-2025-47345

all versions

Cryptographic issue may occur while encrypting license data.

8.4HIGH

CVE-2025-47344

all versions

Memory corruption while handling sensor utility operations.

6.7MEDIUM

CVE-2025-47339

all versions

Memory corruption while deinitializing a HDCP session.

7.8HIGH

CVE-2025-47337

all versions

Memory corruption while accessing a synchronization object during concurrent operations.

6.7MEDIUM

CVE-2025-47335

all versions

Memory corruption while parsing clock configuration data for a specific hardware type.

6.7MEDIUM

CVE-2025-47334

all versions

Memory corruption while processing shared command buffer packet between camera userspace and kernel.

6.7MEDIUM

CVE-2025-47333

all versions

Memory corruption while handling buffer mapping operations in the cryptographic driver.

6.6MEDIUM

CVE-2025-47332

all versions

Memory corruption while processing a config call from userspace.

6.7MEDIUM

CVE-2025-47331

all versions

Information disclosure while processing a firmware event.

6.1MEDIUM

CVE-2025-47330

all versions

Transient DOS while parsing video packets received from the video firmware.

5.5MEDIUM

CVE-2025-47382

all versions

Memory corruption while loading an invalid firmware in boot loader.

7.8HIGH

CVE-2025-47323

all versions

Memory corruption while routing GPR packets between user and root when handling large data packet.

7.8HIGH

CVE-2025-47321

all versions

Memory corruption while copying packets received from unix clients.

7.8HIGH

CVE-2025-47320

all versions

Memory corruption while processing MFC channel configuration during music playback.

7.8HIGH

CVE-2025-47319

all versions

Information disclosure while exposing internal TA-to-TA communication APIs to HLOS

6.7MEDIUM

CVE-2025-27054

all versions

Memory corruption while processing a malformed license file during reboot.

7.8HIGH

CVE-2025-27053

all versions

Memory corruption during PlayReady APP usecase while processing TA commands.

7.8HIGH

CVE-2025-47326

all versions

Transient DOS while handling command data during power control processing.

7.5HIGH

CVE-2025-47317

all versions

Memory corruption due to global buffer overflow when a test command uses an invalid payload type.

7.8HIGH

CVE-2025-27062

all versions

Memory corruption while handling client exceptions, allowing unauthorized channel access.

7.8HIGH

CVE-2025-27061

all versions

Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmwar

7.8HIGH

CVE-2025-27057

all versions

Transient DOS while handling beacon frames with invalid IE header length.

7.5HIGH

CVE-2025-27052

all versions

Memory corruption while processing data packets in diag received from Unix clients.

7.8HIGH

CVE-2025-27043

all versions

Memory corruption while processing manipulated payload in video firmware.

7.8HIGH

CVE-2025-27042

all versions

Memory corruption while processing video packets received from video firmware.

7.8HIGH

CVE-2025-21454

all versions

Transient DOS while processing received beacon frame.

7.5HIGH

CVE-2025-21450

all versions

Cryptographic issue occurs due to use of insecure connection method while downloading.

9.1CRITICAL

CVE-2025-21449

all versions

Transient DOS may occur while processing malformed length field in SSID IEs.

7.5HIGH

CVE-2025-21446

all versions

Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.

7.5HIGH

CVE-2025-21433

all versions

Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.

6.2MEDIUM

CVE-2025-21432

all versions

Memory corruption while retrieving the CBOR data from TA.

7.8HIGH

CVE-2025-21422

all versions

Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.

7.1HIGH

CVE-2025-27038

all versions

Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

7.5HIGH