CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21423 – Improper Validation of Array Index in Display
https://notcve.org/view.php?id=CVE-2025-21423
07 Apr 2025 — Memory corruption occurs when handling client calls to EnableTestMode through an Escape call. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21421 – Buffer Over-read in Display
https://notcve.org/view.php?id=CVE-2025-21421
07 Apr 2025 — Memory corruption while processing escape code in API. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 1CVE-2024-49848 – Use After Free in DSP Service
https://notcve.org/view.php?id=CVE-2024-49848
07 Apr 2025 — Memory corruption while processing multiple IOCTL calls from HLOS to DSP. A FASTRPC_ATTR_KEEP_MAP logic bug allows fastrpc_internal_munmap_fd to concurrently free in-use mappings leading to a use-after-free condition. • https://packetstorm.news/files/id/190388 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45557 – Use of Out-of-range Pointer Offset in Trust Management Engine
https://notcve.org/view.php?id=CVE-2024-45557
07 Apr 2025 — Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45556 – Improper Access Control for Register Interface in TZ Firmware
https://notcve.org/view.php?id=CVE-2024-45556
07 Apr 2025 — Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-1262: Improper Access Control for Register Interface •
CVSS: 8.5EPSS: 0%CPEs: 19EXPL: 0CVE-2024-45552 – Buffer Over-read in Data Network Stack & Connectivity
https://notcve.org/view.php?id=CVE-2024-45552
07 Apr 2025 — Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 6.2EPSS: 0%CPEs: 15EXPL: 0CVE-2024-45551 – Weak Authentication in HLOS
https://notcve.org/view.php?id=CVE-2024-45551
07 Apr 2025 — Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-1390: Weak Authentication •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45549 – Exposure of Sensitive System Information to an Unauthorized Control Sphere in KERNEL
https://notcve.org/view.php?id=CVE-2024-45549
07 Apr 2025 — Information disclosure while creating MQ channels. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45543 – Out-of-bounds Write in Audio
https://notcve.org/view.php?id=CVE-2024-45543
07 Apr 2025 — Memory corruption while accessing MSM channel map and mixer functions. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43067 – Time-of-check Time-of-use (TOCTOU) Race Condition in Camera
https://notcve.org/view.php?id=CVE-2024-43067
07 Apr 2025 — Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •