CVE-2025-21468

Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.

CVE-2023-43547

Memory corruption while invoking IOCTLs calls in Automotive Multimedia.

CVE-2022-25724

Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CVE-2023-28541

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

CVE-2023-28572

Memory corruption in WLAN HOST while processing the WLAN scan descriptor list.

CVE-2023-33064

Transient DOS in Audio when invoking callback function of ASM driver.

CVE-2023-33087

Memory corruption in Core while processing RX intent request.

CVE-2025-21459

Transient DOS while parsing per STA profile in ML IE.

CVE-2023-28542

Memory Corruption in WLAN HOST while fetching TX status information.

CVE-2023-28584

Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA).

CVE-2023-33113

Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.

CVE-2022-33214

Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVE-2023-21672

Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.

CVE-2023-22386

Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.

CVE-2023-43514

Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.

CVE-2024-23380

Memory corruption while handling user packets during VBO bind operation.

CVE-2023-24854

Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.

CVE-2024-21475

Memory corruption when the payload received from firmware is not as per the expected protocol size.

CVE-2024-23351

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.

CVE-2024-23368

Memory corruption when allocating and accessing an entry in an SMEM partition.

CVE-2024-23372

Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.

CVE-2024-53027

Transient DOS may occur while processing the country IE.

CVE-2022-25741

Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVE-2023-33065

Information disclosure in Audio while accessing AVCS services from ADSP payload.

CVE-2024-33042

Memory corruption when Alternative Frequency offset value is set to 255.

CVE-2024-38415

Memory corruption while handling session errors from firmware.

CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously.

CVE-2022-33231

Memory corruption due to double free in core while initializing the encryption key.

CVE-2024-49838

Information disclosure while parsing the OCI IE with invalid length.

CVE-2024-49839

Memory corruption during management frame processing due to mismatch in T2LM info element.

CVE-2025-21453

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

CVE-2024-33052

Memory corruption when user provides data for FM HCI command control operations.

CVE-2024-53024

Memory corruption in display driver while detaching a device.

CVE-2023-28575

The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.

CVE-2024-53014

Memory corruption may occur while validating ports and channels in Audio driver.

CVE-2024-21455

Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.

CVE-2024-33050

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

CVE-2024-38399

Memory corruption while processing user packets to generate page faults.

CVE-2024-45553

Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.

CVE-2023-33068

Memory corruption in Audio while processing IIR config data from AFE calibration block.

CVE-2024-21471

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

CVE-2024-33045

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

CVE-2024-33049

Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.

CVE-2024-33057

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

CVE-2024-38422

Memory corruption while processing voice packet with arbitrary data received from ADSP.

CVE-2022-40514

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.

CVE-2023-33090

Transient DOS while processing channel information for speaker protection v2 module in ADSP.

CVE-2024-33069

Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.

CVE-2022-33220

Information disclosure in Automotive multimedia due to buffer over-read.

CVE-2022-40532

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.