Qualcomm Product
by Qualcomm
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-47372 | Cri | 0.59 | 9.0 | 0.00 | Dec 18, 2025 | Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication. | ||
| CVE-2024-33023 | Hig | 0.55 | 8.4 | 0.00 | Aug 5, 2024 | Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events. | ||
| CVE-2023-43531 | Hig | 0.55 | 8.4 | 0.00 | May 6, 2024 | Memory corruption while verifying the serialized header when the key pairs are generated. | ||
| CVE-2025-47350 | Hig | 0.51 | 7.8 | 0.00 | Dec 18, 2025 | Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application. | ||
| CVE-2025-47317 | Hig | 0.51 | 7.8 | 0.00 | Sep 24, 2025 | Memory corruption due to global buffer overflow when a test command uses an invalid payload type. | ||
| CVE-2025-27050 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Memory corruption while processing event close when client process terminates abruptly. | ||
| CVE-2025-21445 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host. | ||
| CVE-2025-27031 | Hig | 0.51 | 7.8 | 0.00 | Jun 3, 2025 | memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed. | ||
| CVE-2025-21469 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2025 | Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call. | ||
| CVE-2025-21468 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2025 | Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer. | ||
| CVE-2025-21462 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2025 | Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit. | ||
| CVE-2025-21460 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2025 | Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously. | ||
| CVE-2025-21453 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2025 | Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. | ||
| CVE-2025-21442 | Hig | 0.51 | 7.8 | 0.00 | Apr 7, 2025 | Memory corruption while transmitting packet mapping information with invalid header payload size. | ||
| CVE-2025-21436 | Hig | 0.51 | 7.8 | 0.00 | Apr 7, 2025 | Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads. | ||
| CVE-2024-38418 | Hig | 0.51 | 7.8 | 0.00 | Feb 3, 2025 | Memory corruption while parsing the memory map info in IOCTL calls. | ||
| CVE-2024-49847 | Hig | 0.49 | 7.5 | 0.00 | May 6, 2025 | Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE. | ||
| CVE-2024-33020 | Hig | 0.49 | 7.5 | 0.00 | Aug 5, 2024 | Transient DOS while processing TID-to-link mapping IE elements. | ||
| CVE-2024-33059 | Med | 0.44 | 6.7 | 0.00 | Jan 6, 2025 | Memory corruption while processing frame command IOCTL calls. | ||
| CVE-2023-43544 | Med | 0.44 | 6.7 | 0.00 | Jun 3, 2024 | Memory corruption when IPC callback handle is used after it has been released during register callback by another thread. |
- risk 0.59cvss 9.0epss 0.00
Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.
- risk 0.55cvss 8.4epss 0.00
Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
- risk 0.55cvss 8.4epss 0.00
Memory corruption while verifying the serialized header when the key pairs are generated.
- risk 0.51cvss 7.8epss 0.00
Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application.
- risk 0.51cvss 7.8epss 0.00
Memory corruption due to global buffer overflow when a test command uses an invalid payload type.
- risk 0.51cvss 7.8epss 0.00
Memory corruption while processing event close when client process terminates abruptly.
- risk 0.51cvss 7.8epss 0.00
Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host.
- risk 0.51cvss 7.8epss 0.00
memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.
- risk 0.51cvss 7.8epss 0.00
Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.
- risk 0.51cvss 7.8epss 0.00
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.
- risk 0.51cvss 7.8epss 0.00
Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit.
- risk 0.51cvss 7.8epss 0.00
Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.
- risk 0.51cvss 7.8epss 0.00
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
- risk 0.51cvss 7.8epss 0.00
Memory corruption while transmitting packet mapping information with invalid header payload size.
- risk 0.51cvss 7.8epss 0.00
Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads.
- risk 0.51cvss 7.8epss 0.00
Memory corruption while parsing the memory map info in IOCTL calls.
- risk 0.49cvss 7.5epss 0.00
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.
- risk 0.49cvss 7.5epss 0.00
Transient DOS while processing TID-to-link mapping IE elements.
- risk 0.44cvss 6.7epss 0.00
Memory corruption while processing frame command IOCTL calls.
- risk 0.44cvss 6.7epss 0.00
Memory corruption when IPC callback handle is used after it has been released during register callback by another thread.
Page 1 of 2