254 matches found
CVE-2025-21479
CVE-2025-21479 is a memory corruption vulnerability in Qualcomm Adreno GPU drivers caused by unauthorized command execution in a GPU micronode during a specific command sequence. Public details indicate it affects Adreno A7xx devices (e.g., Snapdragon 8 Gen 1+ era) and can enable kernel memory re...
CVE-2023-33063
CVE-2023-33063 is a Use-After-Free/memory corruption issue in Qualcomm DSP Services triggered by a remote call from HLOS to DSP. Affected: Qualcomm chipsets with DSP Services; root cause: memory corruption leading to potential unintended behavior. Documents indicate high impact (confidentiality, ...
CVE-2023-33106
CVE-2023-33106 is a memory corruption vulnerability in Qualcomm graphics drivers, caused by an out-of-range pointer offset when submitting a large list of sync points to IOCTL_KGSL_GPU_AUX_COMMAND. Affected component is Qualcomm chipsets’ graphics subsystem (KGSL driver). The issue is locally exp...
CVE-2023-33107
CVE-2023-33107 is an integer overflow/memory-corruption vulnerability in Graphics Linux affecting Qualcomm display components. The flaw occurs when assigning a shared virtual memory region during an IOCTL, enabling local attacker access with low complexity and no user interaction; impact is rated...
CVE-2025-21480
CVE-2025-21480 is reported as a memory corruption due to unauthorized command execution in the GPU micronode while executing a specific sequence of commands, affecting Qualcomm chipsets (notably Qualcomm FastConnect 7800 and other chipsets). The connected documents confirm this CVE is categorized...
CVE-2023-21656
CVE-2023-21656 is a memory corruption issue in the WLAN HOST when receiving a WMI event from firmware, affecting Qualcomm chipsets (WLAN component). The primary sources list the vulnerability and its high impact (CVSS 3.1: AV=L/AC=L/PR=L/UI:N/S:U/C:H/I:H/A:H) but do not provide concrete product v...
CVE-2023-21670
CVE-2023-21670 describes memory corruption in the Qualcomm GPU subsystem caused by arbitrary command execution from the GPU when operating in privileged mode. The CVE is documented with a HIGH impact (confidentiality, integrity, and availability) and a LOCAL attack vector with LOW complexity and ...
CVE-2024-23380
CVE-2024-23380 is a memory corruption issue in Qualcomm’s graphics stack related to handling user packets during a VBO bind operation. The flaw is described as a local issue with high impact to confidentiality, integrity, and availability. The CVSS indicates local access with low attack complexit...
CVE-2023-43513
CVE-2023-43513: Memory corruption in Qualcomm components due to an untrusted context read pointer during event-ring processing, which may be advanced with arbitrary values and point to the middle of a ring element. According to the provided data, the CVSS v3.1 base metrics are HIGH for Confidenti...
CVE-2024-23373
CVE-2024-23373 is a memory corruption/Use-After-Free issue in Qualcomm graphics stack related to IOMMU unmap handling, where a failed unmap can cause DMA/anonymous buffers to be released. Public sources assign a HIGH impact with local attack requirements (no user interaction). The CVE is document...
CVE-2024-21464
CVE-2024-21464 : Memory corruption in Qualcomm chipset kernels when processing IPA statistics with no active clients registered. Connected documents confirm it affects Qualcomm components (kernel) and is described as a memory corruption issue in multiple sources. Public technical details across s...
CVE-2023-24851
CVE-2023-24851 is a memory corruption vulnerability in the WLAN HOST component when parsing a QMI response from firmware. It is listed for Qualcomm WLAN and appears in Qualcomm’s July 2023 bulletin; CVSS v3.1 base score 7.8 (LOCAL, LOW attack complexity, HIGH impact on confidentiality, integrity,...
CVE-2023-22387
CVE-2023-22387 describes an arbitrary memory overwrite when a VM is compromised during a TX write, causing memory corruption. The most concrete details in the connected docs are: (1) it is listed under Qualcomm components, specifically in the Qualcomm kernel area, with a high impact and Local att...
CVE-2024-38402
CVE-2024-38402 is a memory corruption via a refcount leak in the Qualcomm ADSPRPC DSP driver (fastrpc_get_process_gids). The vulnerability can enable use-after-free of the group_info structure, exposing kernel memory through a non-saturating refcount that can overflow with repeated calls. Disclos...
CVE-2023-28588
CVE-2023-28588 (Qualcomm Bluetooth) : A transient DoS in the Bluetooth Host during RFC slot allocation affects Qualcomm Chipsets’ Bluetooth component. Public records describe an integer overflow/wraparound issue in the Bluetooth Host as the root cause. The CVSSv3.1 base score is 7.5 (High) with n...
CVE-2023-33029
CVE-2023-33029 involves a memory corruption issue in the Qualcomm DSP Service when a remote call is made from HLOS to DSP. Reports consistently describe it as a DSP Service memory corruption vulnerability; CVSS metrics indicate local attack vector, low privileges, no user interaction, and high im...
CVE-2023-43550
CVE-2023-43550 affects Qualcomm components, describing memory corruption when processing a QMI request to allocate memory from a DHMS‑supported subsystem. The CVSS v3.1 vector indicates a Local, Low‑Complexity, Privileged (low) exploit with no user interaction, and high impact to confidentiality,...
CVE-2024-23372
CVE-2024-23372 is a memory corruption issue described as occurring when invoking an IOCTL for GPU memory allocation with a size parameter larger than expected. Multiple sources identify it in Qualcomm components and related display subsystems, with a high-impact profile (local attack, low privile...
CVE-2025-21468
CVE-2025-21468 describes a memory corruption in Qualcomm chipset drivers when reading a response from firmware if the firmware changes the buffer size while the driver uses that size to append a null terminator. This is a local vulnerability with a CVSS 3.1 base score of 7.8 (High) and impact on ...
CVE-2024-23368
CVE-2024-23368 is a memory corruption issue in Qualcomm’s embedded platform concerning the SMEM Partition Handler. The vulnerability arises when allocating and accessing an entry in an SMEM partition, effectively a classic buffer copy without proper input size checking, which can lead to memory c...
CVE-2023-28584
CVE-2023-28584 describes a transient DoS in Qualcomm WLAN Host when a mobile station receives an invalid channel in the Channel Switch Announcement (CSA) Information Element during a CSA. Affected component: Qualcomm WLAN/closed‑source WLAN stack in Qualcomm chipsets mentioned in multiple records...
CVE-2023-33087
CVE-2023-33087 describes a memory corruption in Core when processing RX intent requests in Qualcomm chipsets (buffer copy without checking input size). Reported base CVSSv3.1: 7.8 (HIGH) with LOCAL attack vector, LOW exploit complexity, and no user interaction; impacts confidentiality, integrity,...
CVE-2024-23354
CVE-2024-23354 is a memory-corruption issue in Qualcomm chipsets triggered when an IOCTL is interrupted by a signal. Documented in Qualcomm security bulletins and reflected across sources (NVD, RH, CNNVD, OSV). The records do not specify affected models/versions or a confirmed patch; exploitation...
CVE-2024-53027
CVE-2024-53027 is a transient DoS vulnerability triggered while processing a malformed Country Information Element in Qualcomm WLAN firmware and Bluetooth stacks. Exploitation requires proximity (remote over Wi‑Fi/Bluetooth) and can crash the chipset firmware, potentially disrupting connectivity ...
CVE-2023-33092
CVE-2023-33092 describes a memory corruption in the Bluetooth HOST path when processing a pin reply whose value from the APP layer exceeds the expected size. The issue is caused by a buffer copy without adequate input-size checks. Reported impact in sources indicates high/severe consequences with...
CVE-2023-33113
CVE-2023-33113 affects Qualcomm kernel, where memory corruption occurs when the resource manager replies to the host kernel with multiple fragments. Public descriptions identify a classic buffer overflow style issue in the kernel component, with CVSS indicating local, low-privilege access and hig...
CVE-2024-33042
CVE-2024-33042 describes a memory corruption in Qualcomm WLAN-related components when the Alternative Frequency offset is set to 255. Connected sources identify the issue as affecting Qualcomm chipsets (WLAN subcomponent) and classify it as a high-severity, local EoP-style vulnerability with pote...
CVE-2023-22386
CVE-2023-22386 is a memory-corruption vulnerability in Qualcomm WLAN components. The issue occurs when processing WLAN firmware memory allocation requests, affecting Qualcomm WLAN subsystems embedded in devices running Android. The CVE is listed in Qualcomm’s July 2023 bulletin and tied to a High...
CVE-2023-28582
CVE-2023-28582 is a memory corruption vulnerability in Qualcomm Data Modem triggered during the DTLS handshake when verifying the hello-verify message. Root cause: a buffer copy without checking input size. By sending crafted DTLS messages over the network, a remote attacker could potentially exe...
CVE-2024-23351
CVE-2024-23351 is a memory corruption vulnerability affecting Qualcomm GPU/display components where GPU registers beyond the last protected range are accessible via LPAC submissions. The issue is described across multiple sources (NVD, Red Hat advisory, CVE lists) as memory corruption due to out-...
CVE-2024-33060
CVE-2024-33060 is a use-after-free race in Qualcomm’s DSP/adsprpc driver (fastrpc_mmap) that can occur when global and local mappings are concurrently created and freed. The vulnerability centers on fastrpc_mmap_create, fastrpc_mmap_add, and related epilogue paths (mem_map_to_dsp, munmap/mmap_fre...
CVE-2024-38415
CVE-2024-38415 corresponds to memory corruption during handling of firmware session errors in Qualcomm components (notably Qualcomm/Qualcomm Snapdragon Auto context appears in some feeds). The CVSS v3.1 metrics indicate a HIGH base score (7.8) with LOCAL attack vector, LOW privileges required, no...
CVE-2024-49834
CVE-2024-49834 describes memory corruption during the power-up/power-down sequence of the camera sensor in Qualcomm-based devices. The entry indicates a LOCAL attack vector, LOW privileges required, and no user interaction, with HIGH impact on confidentiality, integrity, and availability per the ...
CVE-2023-24854
CVE-2023-24854 describes a memory corruption in the WLAN HOST component when parsing a QMI WLAN firmware response message. The entry is tied to Qualcomm WLAN, with CVSS v3.1: Local attack vector, low privileges required, no user interaction, and impacts to confidentiality, integrity, and availabi...
CVE-2024-49838
CVE-2024-49838 is an information disclosure vulnerability in Qualcomm WLAN components (Qualcomm closed- and open-source areas) caused by parsing an OCI IE with invalid length. Connected sources indicate this CVE is tracked in Qualcomm security advisories and appears in the Android March 2025 bull...
CVE-2024-49833
CVE-2024-49833 is a memory corruption vulnerability in the camera triggered by an invalid CID, reported across Qualcomm components and Android security bulletins. Affected area is the camera stack from Qualcomm—details cite memory corruption as the underlying flaw with high impact (C:H, I:H, A:H)...
CVE-2024-53024
CVE-2024-53024: Memory corruption in the Qualcomm display driver when detaching a device. Affected: Qualcomm display driver (closed-source component) with local attack vector and high impact on confidentiality, integrity, and availability (per CVSS v3.1). Root cause: memory corruption in the disp...
CVE-2025-21453
CVE-2025-21453 describes memory corruption in Qualcomm components due to a use-after-free style issue when an iterator is accessed after removal, with the GPS HLOS driver specifically listed in CVE records. Public records (NVD/NCSC/Red Hat CVEs) corroborate the memory-corruption description and t...
CVE-2024-21475
CVE-2024-21475 affects Qualcomm chipsets; memory corruption occurs when the firmware payload length does not match the expected protocol size, due to improper handling of payload length. Impact is high (C/H/I/A) with a local attack vector, low privileges required, and no user interaction. Remedia...
CVE-2024-33045
CVE-2024-33045 involves memory corruption in the Qualcomm ADSP/BTFM pathway when the BTFM client sends new messages over Slimbus. The root cause, as detailed in connected documents, relates to improper handling of a local completion variable (done) in the Slimbus transfer paths (qcom slim ngd xfe...
CVE-2024-33050
CVE-2024-33050 affects Qualcomm WLAN host components and describes a Transient Denial of Service during MBSSID processing when constructing new Information Elements in beacon/probe frames. Root cause is a missing/improper IE length check; impact is DoS with network access, no confidentiality/inte...
CVE-2026-21385
CVE-2026-21385 is a memory corruption vulnerability in the Qualcomm Display component (graphics) used by Qualcomm chipsets, caused by memory alignment handling during allocation. Exploitation has been observed in the wild in a limited, targeted manner, with attackers able to push malicious data t...
CVE-2024-21471
CVE-2024-21471 concerns memory corruption that occurs when an IOMMU fails to unmap a GPU buffer in Linux. Multiple connected sources corroborate a memory corruption condition tied to IOMMU unmapping of GPU buffers, affecting Qualcomm-related components (as referenced in Qualcomm security discussi...
CVE-2024-33038
CVE-2024-33038 involves memory corruption when untrusted or corrupted pointers are passed from DSP to EVA in a Qualcomm/Camera-related Computer Vision path. The issue is characterized as local, with low attack complexity and high impact on confidentiality, integrity, and availability. Public refe...
CVE-2024-53014
CVE-2024-53014 = memory corruption in Qualcomm’s Audio driver during validation of ports/channels. Root cause: improper input validation within the audio component (port/channel validation). Impact is high (CVE described as local, with high confidentiality, integrity, and availability impact; att...
CVE-2023-33028
CVE-2023-33028 describes a memory corruption vulnerability in Qualcomm WLAN firmware during a pmk cache memory copy, classified as buffer copy without checking size. Public records indicate potential remote code execution with high impact on confidentiality, integrity, and availability (CVSS 3.1:...
CVE-2024-33043
CVE-2024-33043 is a Qualcomm chipset issue described as a transient Denial of Service when handling a PS event with the Program Service name length offset set to 255. Documented impact is local DoS (CVSS v3.1: 5.5, Medium) with Local attack vector and Low privileges required; no exploit details o...
CVE-2023-22388
CVE-2023-22388 describes memory corruption in the Qualcomm Multi-mode Call Processor when handling a bit mask API. The issue is documented with a CVSS v3.1 base score of 9.8 (CRITICAL) and is described as network-exploitable with no user interaction and no privileges required; impact spans confid...
CVE-2024-33052
CVE-2024-33052 describes a memory corruption in the FM Host/HCI control path when data is provided for FM HCI commands. The vulnerability is tied to Qualcomm chipsets and is classified as local with low privileges and no user interaction, and the impact is rated high (confidentiality, integrity, ...
CVE-2023-33025
CVE-2023-33025 is a memory corruption issue in the Qualcomm Data Modem that occurs when a non-standard SDP body is received during a VOLTE call. The vulnerability affects Qualcomm closed-source Data Modem components and is described as a high-severity fault with potential impact to confidentialit...