77 matches found
CVE-2025-21479
CVE-2025-21479 is a memory corruption vulnerability in Qualcomm Adreno GPU drivers caused by unauthorized command execution in a GPU micronode during a specific command sequence. Public details indicate it affects Adreno A7xx devices (e.g., Snapdragon 8 Gen 1+ era) and can enable kernel memory re...
CVE-2025-21480
CVE-2025-21480 is reported as a memory corruption due to unauthorized command execution in the GPU micronode while executing a specific sequence of commands, affecting Qualcomm chipsets (notably Qualcomm FastConnect 7800 and other chipsets). The connected documents confirm this CVE is categorized...
CVE-2025-21424
CVE-2025-21424 affects Qualcomm MSM NPU kernel driver. Root cause: memory corruption due to concurrent calls to NPU driver APIs (race condition between NPU host unload and exec paths cited by PacketStorm). Impact described as memory corruption with local access and high confidentiality/integrity/...
CVE-2024-53027
CVE-2024-53027 is a transient DoS vulnerability triggered while processing a malformed Country Information Element in Qualcomm WLAN firmware and Bluetooth stacks. Exploitation requires proximity (remote over Wi‑Fi/Bluetooth) and can crash the chipset firmware, potentially disrupting connectivity ...
CVE-2024-49843
CVE-2024-49843 corresponds to memory corruption during processing of an IOCTL from user space to handle a GPU AHB bus error on Qualcomm chipsets. The issue affects memory handling in the IOCTL path and is exploitable with local access (CVSSv3.1: Local access, Low privileges, no user interaction) ...
CVE-2024-49834
CVE-2024-49834 describes memory corruption during the power-up/power-down sequence of the camera sensor in Qualcomm-based devices. The entry indicates a LOCAL attack vector, LOW privileges required, and no user interaction, with HIGH impact on confidentiality, integrity, and availability per the ...
CVE-2024-49838
CVE-2024-49838 is an information disclosure vulnerability in Qualcomm WLAN components (Qualcomm closed- and open-source areas) caused by parsing an OCI IE with invalid length. Connected sources indicate this CVE is tracked in Qualcomm security advisories and appears in the Android March 2025 bull...
CVE-2024-53024
CVE-2024-53024: Memory corruption in the Qualcomm display driver when detaching a device. Affected: Qualcomm display driver (closed-source component) with local attack vector and high impact on confidentiality, integrity, and availability (per CVSS v3.1). Root cause: memory corruption in the disp...
CVE-2025-21453
CVE-2025-21453 describes memory corruption in Qualcomm components due to a use-after-free style issue when an iterator is accessed after removal, with the GPS HLOS driver specifically listed in CVE records. Public records (NVD/NCSC/Red Hat CVEs) corroborate the memory-corruption description and t...
CVE-2024-33045
CVE-2024-33045 involves memory corruption in the Qualcomm ADSP/BTFM pathway when the BTFM client sends new messages over Slimbus. The root cause, as detailed in connected documents, relates to improper handling of a local completion variable (done) in the Slimbus transfer paths (qcom slim ngd xfe...
CVE-2024-33050
CVE-2024-33050 affects Qualcomm WLAN host components and describes a Transient Denial of Service during MBSSID processing when constructing new Information Elements in beacon/probe frames. Root cause is a missing/improper IE length check; impact is DoS with network access, no confidentiality/inte...
CVE-2024-53014
CVE-2024-53014 = memory corruption in Qualcomm’s Audio driver during validation of ports/channels. Root cause: improper input validation within the audio component (port/channel validation). Impact is high (CVE described as local, with high confidentiality, integrity, and availability impact; att...
CVE-2024-43048
CVE-2024-43048 concerns memory corruption caused by invalid input to the GPU Headroom API call in Qualcomm closed‑source components. The available documents indicate a local attack vector with low privileges and no user interaction, and the CVSS 3.1 vector quotes a high impact on confidentiality,...
CVE-2024-45553
CVE-2024-45553 describes a memory corruption vulnerability in Qualcomm components where process-specific maps are added to a global list. The issue can manifest if a map is removed from the global list while another thread is using it for a process-specific task. The canonical description across ...
CVE-2024-38421
CVE-2024-38421 corresponds to a memory corruption vulnerability in Qualcomm GPU command processing. The issue affects Qualcomm GPU/Display-related components and is described as “Memory corruption while processing GPU commands.” The CVE entry lists a high impact with CVSS 3.1 metrics indicating l...
CVE-2024-38422
CVE-2024-38422 describes a memory corruption vulnerability in Qualcomm components related to audio processing, triggered when handling voice packets with arbitrary data received from the ADSP. The issue is evidenced in the CVE listing with a high impact (confidentiality, integrity, and availabili...
CVE-2025-21430
CVE-2025-21430 is a Qualcomm WLAN (WLAN Host) vulnerability described as a transient Denial of Service during STA-to-AP connection and ADD TS request to establish a TSpec session. The CVSS 3.1 base score is 7.5 (Network, Low attack complexity, No privileges, No user interaction, Availability impa...
CVE-2024-49848
CVE-2024-49848 concerns memory corruption in Qualcomm ADSPRPC FP/DSP interaction (the adsprpc kernel driver) via fastrpc_mmap structures. The provided sources describe a use-after-free vulnerability in FASTRPC_ATTR_KEEP_MAP handling that can allow a freed fastrpc_mmap object to be referenced by a...
CVE-2024-33016
CVE-2024-33016 pertains to Siemens SCALANCE W700, where the vulnerability is described as memory corruption that occurs when an invalid firehose patch command is invoked. The Tenable Nessus plugin explicitly identifies this CVE in the context of Siemens SCALANCE W700 and notes the affected asset ...
CVE-2024-53015
CVE-2024-53015 describes a memory corruption issue in Qualcomm chipsets triggered when processing IOCTL commands to handle buffers for a session. The vulnerability affects IOCTL buffer handling code and is evidenced by multiple feeds (NVD and Red Hat advisories) reporting memory corruption withou...
CVE-2024-53026
CVE-2024-53026 describes an information-disclosure vulnerability triggered by receiving an invalid RTCP packet during a VoLTE/VoWiFi IMS call. Connected sources associate this with Qualcomm chipsets and note public advisories/patches refer to this issue; however, concrete technical details about ...
CVE-2024-49835
CVE-2024-49835 is described as memory corruption while reading a secure file in Qualcomm closed‑source components. The CVSS v3.1 vector indicates a local, low‑privilege, low‑complexity attacker could trigger a high‑impact issue (C: High; I: High; A: High) with no user interaction. Several connect...
CVE-2024-53010
CVE-2024-53010 describes a memory-corruption issue that can occur when attaching a VM if the Host OS retains access to the VM. The connected sources indicate this affects Qualcomm Snapdragon/closed‑source components and is categorized as high severity (CVSS v3.1: 7.8, Local, Privileges Required: ...
CVE-2024-33056
CVE-2024-33056 describes a memory corruption issue in Qualcomm components involving sequential allocation/access of an entry in the SMEM partition. Affected are Qualcomm closed‑source components and related security processor context; root cause is memory corruption from continuous SMEM entry han...
CVE-2024-49845
CVE-2024-49845 is described as memory corruption during the FRS UDS generation process in Qualcomm chipsets (HLOS/Qualcomm components context). The issue is concrete in multiple sources (CVE records, vendor records and third‑party enrichments) and is classified with a high impact score in CVSS v3...
CVE-2024-53021
CVE-2024-53021 is a Qualcomm chipset vulnerability described in connected PT-2025-23579 and PT-2025-23577 as an information-disclosure issue that occurs while processing goodbye RTCP/RTP packets. The root cause is a buffer over-read in the data network stack during decoding/construction of RTCP h...
CVE-2024-45584
CVE-2024-45584 involves memory corruption in Qualcomm chipsets caused by a sequence: a compat IOCTL call followed by a normal IOCTL call from userspace. The vulnerability arises from the call order, potentially allowing memory corruption with local access. Public descriptions consistently state t...
CVE-2024-23362
CVE-2024-23362 is a cryptographic issue in Qualcomm closed‑source components related to parsing RSA keys in the COBR format. The vulnerability is tied to the Trusted Execution Environment in Qualcomm chipsets and is tracked across multiple feeds (Red Hat, CVE databases, and vendor bulletins). The...
CVE-2024-53020
CVE-2024-53020 is reported as information disclosure that may occur when decoding RTP packets with an invalid header extension, linked to Qualcomm chipsets’ data/network stack. Connected sources describe a buffer over-read and information disclosure risk in the affected component but do not provi...
CVE-2024-53019
CVE-2024-53019 is a buffer over-read in Qualcomm closed-source components of the Data Network Stack during RTP packet processing. The root cause is an improper RTP header length handling for the number of contributing sources, leading to information disclosure. The CVSSv3.1 base score is 8.2 (Hig...
CVE-2024-23369
CVE-2024-23369 describes a memory corruption issue in Qualcomm chipsets triggered when an invalid length is provided for HLOS-facing FRS/UDS buffers. The root cause is a boundary/length handling defect that can affect the memory region when processing those buffers. The CVE is rated with CVSS v3....
CVE-2025-21483
CVE-2025-21483 affects Qualcomm Snapdragon embedded platform firmware in the Data Network Stack & Connectivity component. It stems from a buffer overflow during RTP packet reassembly of NAL units, leading to memory corruption in the UE. The CVSS 3.1/3.1 vector is Network, Privileges=None, User in...
CVE-2024-43051
The CVE-2024-43051 entry describes an Information disclosure during session key derivation for Widevine use. Connected sources confirm this affects Qualcomm closed‑source components (CVE-2024-43051) and that the issue is listed in Android security bulletins with patch levels addressing these vuln...
CVE-2024-38419
CVE-2024-38419 corresponds to memory corruption when invoking IOCTL calls from user-space for the HGSL memory node in Qualcomm chipsets. The issue affects a memory node in HGSL, with a local attack vector and low privileges required; exploitation status is not detailed in the provided documents. ...
CVE-2024-43056
CVE-2024-43056 describes a transient denial-of-service during hypervisor virtual I/O operations in Qualcomm chipset environments. The linked CVE listings emphasize that the issue manifests as a DOS in a virtual machine due to a hypervisor I/O path condition (buffer over-read is noted in CVE listi...
CVE-2024-38424
CVE-2024-38424 affects Qualcomm Snapdragon Auto devices. The vulnerability is described as memory corruption during GNSS HAL process initialization (GNSS HAL init). The CVE has a high impact rating (CVSS v3.1: 7.8) with local attack vector and potential harm to confidentiality, integrity, and ava...
CVE-2024-33058
CVE-2024-33058 concerns memory corruption that occurs when allocating memory from source DDR memory (HLOS) to the ADSP in Qualcomm closed‑source components. The CVSS 3.1 metrics show a Local attack vector, High impact on confidentiality, integrity, and availability, with a High base score (7.5) a...
CVE-2024-43046
CVE-2024-43046 describes an information disclosure vulnerability affecting TZ Secure OS on Qualcomm chipsets, triggered by memory re-allocation where sensitive memory content may be exposed. The CVE notes a memory re-allocation issue but the provided documents do not specify affected product vers...
CVE-2024-45549
CVE-2024-45549 is a Qualcomm-related vulnerability described as information disclosure occurring when creating MQ channels. The entry is classified as High severity (CVSS 3.1 base 7.7: Local attack, no privileges required, low attack complexity, confidentiality impact High). It is associated with...
CVE-2024-45551
CVE-2024-45551 targets Qualcomm closed‑source components (Gatekeeper) and describes a cryptographic issue during PIN/password verification. The vulnerability arises when RPMB writes can be dropped on verification failure, potentially enabling a user throttling bypass. The available sources confir...
CVE-2025-27042
CVE-2025-27042 is a memory corruption vulnerability in Qualcomm video handling. The affected area is the Qualcomm video pipeline when processing video packets from the video firmware, with a root cause described as memory corruption. CVSS 3.1 base score 7.8 (HIGH) indicates local attack vector, l...
CVE-2024-43065
CVE-2024-43065 affects Qualcomm chipsets with cryptographic issues in the generation of asymmetric key pairs for RKP use cases. The root cause is a flaw in how key material is generated, leading to potential weaknesses in confidentiality and integrity. The CVSS base metrics indicate a high impact...
CVE-2025-27061
CVE-2025-27061 is a Qualcomm vulnerability in the Video subsystem: memory corruption/out-of-bounds write while parsing video packets from the video firmware during subsystem-failure memory handling. Affected: Qualcomm Video (closed- or firmware components) within the device’s video pipeline. Impa...
CVE-2025-47345
Technical details (affected products, versions, root cause, fixes) are not publicly provided in the connected documents. Monitor for updates from Qualcomm and related security bulletins.
CVE-2025-27043
CVE-2025-27043 : The vulnerability is a memory corruption issue in Qualcomm video firmware caused by processing a manipulated payload in the video subsystem. The CVSS 3.1 base metrics indicate an overall HIGH impact (Confidentiality, Integrity, Availability = High) with Local attack vector, Low a...
CVE-2025-21450
CVE-2025-21450 describes a cryptographic issue arising from the use of an insecure connection method during download, affecting Qualcomm closed‑source components. The entry is labeled critical (CVSS 3.1: 9.1) with network attack vector and high impact on confidentiality and integrity. Connected d...
CVE-2025-47382
CVE-2025-47382 affects Qualcomm embedded platform firmware bootloader, where memory corruption occurs when loading invalid firmware. The root cause is an authorization mechanism deficiency within the boot process, leading to memory corruption. The CVE details indicate a local attack vector with l...
CVE-2025-21464
CVE-2025-21464 is documented in multiple sources as an information-disclosure (out-of-bounds read) issue affecting Qualcomm closed-source components, with the core vulnerability described as an information disclosure when reading data from an image using a specified offset and size. The CVE is li...
CVE-2025-27066
CVE-2025-27066 describes a transient Denial of Service in Qualcomm WLAN firmware caused by processing ANQP messages. The vulnerability is tied to WLAN firmware components in Qualcomm chipsets; the exact affected product/version details are not provided in the connected documents. No exploitation ...
CVE-2025-47333
CVE-2025-47333 affects Qualcomm chipsets' cryptographic driver, with memory corruption occurring while handling buffer mapping operations. The root cause is a flaw in how the driver manages memory during mapBuffer processing, which may lead to crashes or unpredictable behavior. Exploitation detai...