Total
100
Critical
9
High
81
Medium
10
CISA KEV
1
Information disclosure may occur due to improper permission and access controls to Video Analytics engine.
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.
Memory corruption in DSP Services during a remote call from HLOS to DSP.
Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.
Transient DOS in Data modem while handling TLB control messages from the Network.
Transient DOS in Modem when a Beam switch request is made with a non-configured BWP.
Transient DOS in Modem after RRC Setup message is received.
Memory corruption while using the UIM diag command to get the operators name.
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
Memory corruption in Audio when SSR event is triggered after music playback is stopped.
Transient DOS in WLAN Firmware while parsing no-inherit IES.
Memory corruption in DSP Service during a remote call from HLOS to DSP.
Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.
Transient DOS in WLAN Firmware while parsing rsn ies.
Transient DOS in WLAN Firmware while parsing a NAN management frame.
Cryptographic issue in Data Modem due to improper authentication during TLS handshake.
Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.
Transient DOS in Audio while remapping channel buffer in media codec decoding.
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
Transient DOS while parsing WLAN beacon or probe-response frame.
Transient DOS in WLAN Firmware while processing frames with missing header fields.
Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.
Memory corruption in WLAN HOST while receiving an WMI event from firmware.
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.
Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.
Memory corruption due to improper access control in kernel while processing a mapping request from root process.
Transient DOS due to improper authorization in Modem
Memory corruption due to double free in Core while mapping HLOS address to the list.
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
Memory corruption due to use after free in Core when multiple DCI clients register and deregister.
Transient DOS due to reachable assertion in Modem because of invalid network configuration.
information disclosure due to cryptographic issue in Core during RPMB read request.
Assertion occurs while processing Reconfiguration message due to improper validation
Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.
Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported.
Transient DOS due to reachable assertion in Modem during OSI decode scheduling.
Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.
Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal.
Memory corruption due to double free in core while initializing the encryption key.
Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.
Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.
Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.
Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.
Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.
Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.
Transient DOS in modem due to reachable assertion.
Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.
Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.
Memory corruption due to improper validation of array index in Multi-mode call processor.
Transient DOS due to reachable assertion in Modem while processing SIB1 Message.
Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover.
Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout
Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
Memory corruption in modem due to buffer overflow while processing a PPP packet
Memory corruption in modem due to use of out of range pointer offset while processing qmi msg
Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response
Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM
Information Disclosure in Graphics during GPU context switch.
Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.
Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non qos state.
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
Transient DOS due to improper input validation in WLAN Host.
Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation.
Transient DOS due to buffer over-read in WLAN Host while parsing frame information.
Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs.
Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.
Information disclosure due to buffer over-read in WLAN while parsing NMF frame.
Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.
Memory corruption due to improper access control in Qualcomm IPC.
Memory corruption due to configuration weakness in modem wile sending command to write protected files.
Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.
Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests.
Memory corruption due to stack-based buffer overflow in Core
Information disclosure due to buffer overread in Core
Information disclosure due to buffer overread in Core
Memory corruption in Core due to stack-based buffer overflow.
Memory corruption in Automotive Android OS due to improper input validation.
Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.
Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.
Information disclosure due to buffer over-read in WLAN while parsing BTM action frame.
Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check.
Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.
Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content.
Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device.
Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.
Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.
Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping.
Denial of service in MODEM due to improper pointer handling
Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote
Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Memory corruption in camera due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables
Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables
Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
