Lucene search
+L
QualcommSnapdragon 425 Mobile Platform Firmware

38 matches found

CVE
CVE
added 2023/12/05 3:4 a.m.360 views

CVE-2023-33063

CVE-2023-33063 is a Use-After-Free/memory corruption issue in Qualcomm DSP Services triggered by a remote call from HLOS to DSP. Affected: Qualcomm chipsets with DSP Services; root cause: memory corruption leading to potential unintended behavior. Documents indicate high impact (confidentiality, ...

7.8CVSS8.1AI score0.007EPSS
In wild
CVE
CVE
added 2023/12/05 3:4 a.m.352 views

CVE-2023-33107

CVE-2023-33107 is an integer overflow/memory-corruption vulnerability in Graphics Linux affecting Qualcomm display components. The flaw occurs when assigning a shared virtual memory region during an IOCTL, enabling local attacker access with low complexity and no user interaction; impact is rated...

8.4CVSS8.3AI score0.00892EPSS
In wild
CVE
CVE
added 2024/02/06 5:47 a.m.143 views

CVE-2023-43513

CVE-2023-43513: Memory corruption in Qualcomm components due to an untrusted context read pointer during event-ring processing, which may be advanced with arbitrary values and point to the middle of a ring element. According to the provided data, the CVSS v3.1 base metrics are HIGH for Confidenti...

7.8CVSS7.7AI score0.0011EPSS
CVE
CVE
added 2023/11/07 5:26 a.m.135 views

CVE-2023-33059

Mode C: CVE-2023-33059 concerns memory corruption in the Audio component when processing VOC packet data from ADSP, affecting Qualcomm audio/ADSP stacks. Root cause cited across connected sources as a buffer/memory handling issue in VOC packet processing with high impact on confidentiality, integ...

7.8CVSS7.8AI score0.0011EPSS
CVE
CVE
added 2023/12/05 3:3 a.m.132 views

CVE-2023-28588

CVE-2023-28588 (Qualcomm Bluetooth) : A transient DoS in the Bluetooth Host during RFC slot allocation affects Qualcomm Chipsets’ Bluetooth component. Public records describe an integer overflow/wraparound issue in the Bluetooth Host as the root cause. The CVSSv3.1 base score is 7.5 (High) with n...

7.5CVSS7.5AI score0.00522EPSS
CVE
CVE
added 2024/01/02 5:38 a.m.128 views

CVE-2023-33110

The CVE-2023-33110 issue concerns the PCM host voice audio driver on Qualcomm chipsets, where a session index is initialized before PCM is opened, accessed in an event callback from ADSP, and reset on PCM close. This race can lead to memory corruption if callbacks occur as the session index is mo...

7.8CVSS6.8AI score0.00078EPSS
CVE
CVE
added 2024/09/02 10:22 a.m.110 views

CVE-2024-33043

CVE-2024-33043 is a Qualcomm chipset issue described as a transient Denial of Service when handling a PS event with the Program Service name length offset set to 255. Documented impact is local DoS (CVSS v3.1: 5.5, Medium) with Local attack vector and Low privileges required; no exploit details o...

5.5CVSS5.5AI score0.00093EPSS
CVE
CVE
added 2023/11/07 5:26 a.m.108 views

CVE-2023-22388

CVE-2023-22388 describes memory corruption in the Qualcomm Multi-mode Call Processor when handling a bit mask API. The issue is documented with a CVSS v3.1 base score of 9.8 (CRITICAL) and is described as network-exploitable with no user interaction and no privileges required; impact spans confid...

9.8CVSS9.6AI score0.00353EPSS
CVE
CVE
added 2024/11/04 10:4 a.m.107 views

CVE-2024-38422

CVE-2024-38422 describes a memory corruption vulnerability in Qualcomm components related to audio processing, triggered when handling voice packets with arbitrary data received from the ADSP. The issue is evidenced in the CVE listing with a high impact (confidentiality, integrity, and availabili...

7.8CVSS7.9AI score0.00103EPSS
CVE
CVE
added 2024/12/02 10:18 a.m.103 views

CVE-2024-43052

CVE-2024-43052 : Memory corruption while processing API calls to the NPU with invalid input. Connected sources corroborate a Qualcomm/NPU-origin issue affecting NPU API handling, with attack vector reported as local and low complexity but resulting in high impact on confidentiality, integrity, an...

7.8CVSS7.8AI score0.00103EPSS
CVE
CVE
added 2023/10/03 5:0 a.m.99 views

CVE-2023-24849

CVE-2023-24849 affects Qualcomm closed‑source Data Modem; the issue is Information Disclosure caused by parsing FMTP lines in SDP messages. Root cause: a flaw in the FMTP parsing logic in the Data Modem leading to confidentiality impact (CVE exhibits High impact, with network attack vector and no...

8.2CVSS7.5AI score0.00299EPSS
CVE
CVE
added 2024/11/04 10:5 a.m.99 views

CVE-2024-38423

CVE-2024-38423 = memory corruption while processing GPU page table switch in Qualcomm GPU/display stack. Exploitation would be local with low complexity and could impact confidentiality, integrity, and availability (CVSSv3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Connected sources indicate Qualco...

7.8CVSS7.9AI score0.00102EPSS
CVE
CVE
added 2023/06/06 7:38 a.m.87 views

CVE-2022-40521

CVE-2022-40521 is documented with concrete details in connected sources: a Transient Denial of Service due to improper authorization in Qualcomm baseband/modem components. The issue affects Qualcomm basebands and is described as a DoS vulnerability arising from improper authorization, with a Netw...

7.5CVSS7.5AI score0.00354EPSS
CVE
CVE
added 2023/10/03 5:0 a.m.83 views

CVE-2023-24848

CVE-2023-24848 describes an information disclosure in the Qualcomm Data Modem during VoLTE calls when an undefined RTCP FB line value is observed. Public records here confirm the issue title and network-facing context, with CVE-2023-24848 listed in multiple feeds (NVD, CVE list) and linked to Qua...

8.2CVSS7.5AI score0.00299EPSS
CVE
CVE
added 2025/06/03 5:52 a.m.82 views

CVE-2024-53026

CVE-2024-53026 describes an information-disclosure vulnerability triggered by receiving an invalid RTCP packet during a VoLTE/VoWiFi IMS call. Connected sources associate this with Qualcomm chipsets and note public advisories/patches refer to this issue; however, concrete technical details about ...

8.2CVSS8.1AI score0.00273EPSS
CVE
CVE
added 2023/06/06 7:38 a.m.80 views

CVE-2022-33264

CVE-2022-33264 is a memory corruption issue in Qualcomm modem components caused by a stack-based buffer overflow during parsing of OTASP Key Generation Request Messages. Affects Qualcomm closed-source/modem firmware; CVSS base score ~7.8–7.9 HIGH with LOCAL exploit. The issue is discussed in Qual...

7.9CVSS8.1AI score0.00115EPSS
CVE
CVE
added 2023/12/05 3:4 a.m.80 views

CVE-2023-33018

CVE-2023-33018 describes a memory corruption in the Qualcomm UIM (User Identity Module) related to the diag command used to retrieve the operator’s name. The CVE is rated HIGH with a CVSS v3.1 base score of 7.8 (LOCAL attack vector, LOW attack complexity, LOW privileges required, no user interact...

7.8CVSS7.9AI score0.0011EPSS
CVE
CVE
added 2023/06/06 7:38 a.m.78 views

CVE-2022-22076

CVE-2022-22076 describes information disclosure caused by a cryptographic issue in the Core during RPMB read requests. Public sources in the provided documents (NVD, Red Hat Security Advisory, and other aggregations) state this cryptographic flaw leads to information leakage in Qualcomm-related c...

7.1CVSS5.8AI score0.00113EPSS
CVE
CVE
added 2023/10/03 5:0 a.m.77 views

CVE-2023-24850

CVE-2023-24850 describes memory corruption in HLOS when importing a cryptographic key into the KeyMaster Trusted Application. The vulnerability is associated with Qualcomm closed-source components and is classified with a high impact (CVSS v3.1: AV=L/AC=L/PR=L/UI=N/S=U; C/H/I/A=HIGH). The descrip...

7.8CVSS7.6AI score0.0011EPSS
CVE
CVE
added 2023/12/05 3:3 a.m.77 views

CVE-2023-28550

CVE-2023-28550 affects Qualcomm chipsets, describing memory corruption in MPP performance when accessing the DSM watermark via an external memory address. The vulnerability is tied to improper memory bounds handling within the MPP component, leading to potential high-severity impact (as indicated...

7.8CVSS7.9AI score0.00118EPSS
CVE
CVE
added 2024/01/02 5:38 a.m.76 views

CVE-2023-33030

CVE-2023-33030 is a memory corruption issue in HLOS observed while running the PlayReady use-case on Qualcomm chipsets. Connected details indicate the underlying cause as buffer copy without checking the size of input, leading to potential corruption. Documented impact across sources emphasizes h...

9.3CVSS7.8AI score0.00122EPSS
CVE
CVE
added 2023/10/03 5:0 a.m.75 views

CVE-2023-22385

CVE-2023-22385 is a memory corruption issue in the Qualcomm Data Modem that can occur during MO or MT VOLTE calls. Public documents consistently describe the affected component as the Data Modem and attribute the vulnerability to memory corruption in that subsystem. The CVE appears in multiple fe...

9.8CVSS9.1AI score0.00353EPSS
CVE
CVE
added 2024/01/02 5:38 a.m.72 views

CVE-2023-33033

Technical details (affected products, versions, root cause, fixes) for CVE-2023-33033 are not publicly provided in the supplied connected documents; monitor updates from Qualcomm/Red Hat/NVD references.

8.4CVSS7.8AI score0.00119EPSS
CVE
CVE
added 2024/07/01 2:17 p.m.66 views

CVE-2024-21461

CVE-2024-21461 is a memory-corruption issue in the Keymaster finish-HMAC path triggered when the context is freed by Keymaster. Public details in connected docs indicate the vulnerability affects Android/Keymaster workflows and is rated HIGH severity with local access requirements (per CVSS). Exp...

8.4CVSS8.3AI score0.00104EPSS
CVE
CVE
added 2025/06/03 5:52 a.m.66 views

CVE-2024-53021

CVE-2024-53021 is a Qualcomm chipset vulnerability described in connected PT-2025-23579 and PT-2025-23577 as an information-disclosure issue that occurs while processing goodbye RTCP/RTP packets. The root cause is a buffer over-read in the data network stack during decoding/construction of RTCP h...

8.2CVSS8.1AI score0.00209EPSS
CVE
CVE
added 2023/12/05 3:3 a.m.63 views

CVE-2023-28551

CVE-2023-28551 describes memory corruption in UTILS when the modem processes memory-specific Diag commands with arbitrary address values. The issue affects Qualcomm chipset components (Qualcomm closed-source/Qualcomm components) and is rated with CVSS v3.1: Local access, Low attack complexity, Lo...

7.8CVSS8AI score0.00118EPSS
CVE
CVE
added 2023/12/05 3:3 a.m.62 views

CVE-2023-28546

CVE-2023-28546 corresponds to memory corruption in the SPS Application when exporting a public key in the sorter TA. The connected PT-2023-21794 entry confirms the issue is memory-corruption related with potential code execution, but it does not specify affected versions and provides no informati...

7.8CVSS7.7AI score0.0011EPSS
CVE
CVE
added 2025/06/03 5:52 a.m.61 views

CVE-2024-53020

CVE-2024-53020 is reported as information disclosure that may occur when decoding RTP packets with an invalid header extension, linked to Qualcomm chipsets’ data/network stack. Connected sources describe a buffer over-read and information disclosure risk in the affected component but do not provi...

8.2CVSS8.1AI score0.00209EPSS
CVE
CVE
added 2025/09/24 3:33 p.m.59 views

CVE-2025-21483

CVE-2025-21483 affects Qualcomm Snapdragon embedded platform firmware in the Data Network Stack & Connectivity component. It stems from a buffer overflow during RTP packet reassembly of NAL units, leading to memory corruption in the UE. The CVSS 3.1/3.1 vector is Network, Privileges=None, User in...

9.8CVSS6.9AI score0.00402EPSS
CVE
CVE
added 2024/09/02 10:22 a.m.55 views

CVE-2024-23359

CVE-2024-23359: Information disclosure in Qualcomm chipsets occurs when decoding Tracking Area Update Accept or Attach Accept messages. Connected sources identify this as a information-disclosure issue in Qualcomm closed-source components (Multi Mode Call Processor). Exploitation details are not ...

8.2CVSS8.2AI score0.00264EPSS
CVE
CVE
added 2025/04/07 10:15 a.m.52 views

CVE-2025-21428

CVE-2025-21428 relates to memory corruption in Qualcomm chipsets when a station (STA) connects to an access point (AP) and an ADD TS request is initiated to establish a TSpec session. The vulnerability affects the WLAN host/stack in affected Qualcomm products and is classified with CVSS v3.1 vect...

7.5CVSS7.1AI score0.00243EPSS
CVE
CVE
added 2024/11/04 10:4 a.m.51 views

CVE-2024-23385

CVE-2024-23385 affects Qualcomm closed‑source components. The issue is a Transient DoS where a modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is observed at the user equipment (UE). The connected sources confirm the affected vendor and the high availability impact, but do...

7.5CVSS7AI score0.00244EPSS
CVE
CVE
added 2024/09/02 10:22 a.m.50 views

CVE-2024-23358

CVE-2024-23358 affects Qualcomm closed-source modem components. The root cause is reported as incorrect ciphering key data during OTA registration, triggering a transient Denial of Service. The available documents do not specify affected firmware versions, exact product names, or a remediation/pa...

7.5CVSS7.5AI score0.00263EPSS
CVE
CVE
added 2024/08/05 2:21 p.m.41 views

CVE-2024-23357

CVE-2024-23357 describes a transient DoS when importing a PKCS#8-encoded RSA key with a zero-byte modulus. Connected documents corroborate a Qualcomm/Android context and indicate remediation via security patches (Android patch levels 2024-08-01/05 and related Qualcomm bulletins). Public exploitat...

6.2CVSS6.4AI score0.00094EPSS
CVE
CVE
added 2024/08/05 2:21 p.m.36 views

CVE-2024-23353

CVE-2024-23353 affects Qualcomm components (Multi Mode Call Processor) and describes a transient denial-of-service during decoding an attach reject message received by UE when IEI is set to ESM_IEI. CVSSv3.1 base score 7.5 (High) with network attack vector, no user interaction, and impact limited...

7.5CVSS7.5AI score0.00346EPSS
CVE
CVE
added 2025/09/24 3:33 p.m.24 views

CVE-2025-21482

CVE-2025-21482 describes a cryptographic issue in Qualcomm closed‑source components related to RSA PKCS padding decoding. The CVE is listed as High severity with Local attack vector, Low attack complexity, Low privileges required, and no user interaction, with impacts on Confidentiality and Integ...

7.1CVSS6.6AI score0.0008EPSS
CVE
CVE
added 2025/09/24 3:33 p.m.22 views

CVE-2025-21487

CVE-2025-21487 concerns information disclosure in Qualcomm closed‑source components due to incorrect handling of RTP payload length when decoding packets. The root cause is a buffer length mismatch that can lead to over-read and leakage of information from the UE. The vulnerability is categorized...

8.2CVSS6.5AI score0.00242EPSS
CVE
CVE
added 2025/10/09 3:18 a.m.22 views

CVE-2025-27053

CVE-2025-27053 : A memory corruption issue occurs in the PlayReady APP while processing Trusted Application (TA) commands. The vulnerability affects the PlayReady component and can lead to system instability or compromise. The PT-2025-41342 entry (and related sources) notes the vulnerability and ...

7.8CVSS6.8AI score0.00081EPSS