
CVE-2024-45552 – Buffer Over-read in Data Network Stack & Connectivity
https://notcve.org/view.php?id=CVE-2024-45552
07 Apr 2025 — Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-126: Buffer Over-read •

CVE-2024-45551 – Weak Authentication in HLOS
https://notcve.org/view.php?id=CVE-2024-45551
07 Apr 2025 — Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-1390: Weak Authentication •

CVE-2024-43066 – Use After Free in HLOS
https://notcve.org/view.php?id=CVE-2024-43066
07 Apr 2025 — Memory corruption while handling file descriptor during listener registration/de-registration. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-416: Use After Free •

CVE-2024-43065 – Exposed Dangerous Method or Function in HLOS
https://notcve.org/view.php?id=CVE-2024-43065
07 Apr 2025 — Cryptographic issues while generating an asymmetric key pair for RKP use cases. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-749: Exposed Dangerous Method or Function •

CVE-2024-43046 – Information Exposure in TZ Secure OS
https://notcve.org/view.php?id=CVE-2024-43046
07 Apr 2025 — There may be information disclosure during memory re-allocation in TZ Secure OS. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-33058 – Insufficient Granularity of Access Control in Core
https://notcve.org/view.php?id=CVE-2024-33058
07 Apr 2025 — Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-1220: Insufficient Granularity of Access Control •

CVE-2025-21424 – Use After Free in NPU
https://notcve.org/view.php?id=CVE-2025-21424
03 Mar 2025 — Memory corruption while calling the NPU driver APIs concurrently. msm_npu has a race condition between npu_host_unload_network and npu_host_exec_network_v2 that leads to memory corruption. • https://packetstorm.news/files/id/189958 • CWE-416: Use After Free •

CVE-2024-53027 – Buffer Copy Without Checking Size of Input in WLAN Host
https://notcve.org/view.php?id=CVE-2024-53027
03 Mar 2025 — Transient DOS may occur while processing the country IE. • https://github.com/ladyg00se/CVE-2024-53027-WIP • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-53024 – NULL Pointer Dereference in Display
https://notcve.org/view.php?id=CVE-2024-53024
03 Mar 2025 — Memory corruption in display driver while detaching a device. • https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html • CWE-476: NULL Pointer Dereference •

CVE-2024-53023 – Use After Free in Automotive Android OS
https://notcve.org/view.php?id=CVE-2024-53023
03 Mar 2025 — Memory corruption may occur while accessing a variable during extended back to back tests. • https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html • CWE-416: Use After Free •