CVE-2026-21385

all versions

Memory corruption while using alignments for memory allocation.

7.8HIGH

CVE-2025-47383

all versions

Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.

7.2HIGH

CVE-2025-47320

all versions

Memory corruption while processing MFC channel configuration during music playback.

7.8HIGH

CVE-2025-27053

all versions

Memory corruption during PlayReady APP usecase while processing TA commands.

7.8HIGH

CVE-2025-21487

all versions

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than th

8.2HIGH

CVE-2025-21484

all versions

Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP pa

8.2HIGH

CVE-2025-21483

all versions

Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.

9.8CRITICAL

CVE-2024-53026

all versions

Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.

8.2HIGH

CVE-2024-53021

all versions

Information disclosure may occur while processing goodbye RTCP packet from network.

8.2HIGH

CVE-2024-53020

all versions

Information disclosure may occur while decoding the RTP packet with invalid header extension from network.

8.2HIGH

CVE-2025-21429

all versions

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.

7.5HIGH

CVE-2025-21428

all versions

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session

7.5HIGH

CVE-2024-45552

all versions

Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to

8.2HIGH

CVE-2024-38423

all versions

Memory corruption while processing GPU page table switch.

7.8HIGH

CVE-2024-38422

all versions

Memory corruption while processing voice packet with arbitrary data received from ADSP.

7.8HIGH

CVE-2024-33043

all versions

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

5.5MEDIUM

CVE-2024-23357

all versions

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

6.2MEDIUM

CVE-2024-23353

all versions

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

7.5HIGH

CVE-2024-21461

all versions

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

8.4HIGH

CVE-2023-43513

all versions

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitr

7.8HIGH

CVE-2023-33110

all versions

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP an

7.8HIGH

CVE-2023-33033

all versions

Memory corruption in Audio during playback with speaker protection.

8.4HIGH

CVE-2023-33030

all versions

Memory corruption in HLOS while running playready use-case.

9.3CRITICAL

CVE-2023-33107

all versions

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

8.4HIGH

CVE-2023-28588

all versions

Transient DOS in Bluetooth Host while rfc slot allocation.

7.5HIGH

CVE-2023-28546

all versions

Memory Corruption in SPS Application while exporting public key in sorter TA.

7.8HIGH

CVE-2023-24850

all versions

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.

7.8HIGH