CVE-2025-21427

Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.

CVE-2025-21432

Memory corruption while retrieving the CBOR data from TA.

CVE-2025-21433

Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.

CVE-2025-21446

Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.

CVE-2025-27047

Memory corruption while processing the TESTPATTERNCONFIG escape path.

CVE-2025-27050

Memory corruption while processing event close when client process terminates abruptly.

CVE-2025-21456

Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.

CVE-2025-21452

Transient DOS while processing a random-access response (RAR) with an invalid PDU length on LTE network.

CVE-2025-21477

Transient DOS while processing CCCH data when NW sends data with invalid length.

CVE-2025-27073

Transient DOS while creating NDP instance.

CVE-2025-27076

Memory corruption while processing simultaneous requests via escape path.

CVE-2025-21474

Memory corruption while processing commands from A2dp sink command queue.

CVE-2025-27065

Transient DOS while processing a frame with malformed shared-key descriptor.

CVE-2025-27075

Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host.

CVE-2025-21461

Memory corruption when programming registers through virtual CDM.