CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-21453 – Use After Free in GPS HLOS Driver
https://notcve.org/view.php?id=CVE-2025-21453
06 May 2025 — Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. Corrupción de memoria durante el procesamiento de una estructura de datos, cuando se accede a un iterador luego de haberlo eliminado, ocurren fallas potenciales. • https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21448 – Buffer Over-read in WLAN Firmware
https://notcve.org/view.php?id=CVE-2025-21448
07 Apr 2025 — Transient DOS may occur while parsing SSID in action frames. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2025-21430 – Buffer Over-read in WLAN Host
https://notcve.org/view.php?id=CVE-2025-21430
07 Apr 2025 — Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-21429 – Buffer Over-read in WLAN Host
https://notcve.org/view.php?id=CVE-2025-21429
07 Apr 2025 — Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2024-43066 – Use After Free in HLOS
https://notcve.org/view.php?id=CVE-2024-43066
07 Apr 2025 — Memory corruption while handling file descriptor during listener registration/de-registration. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1CVE-2025-21424 – Use After Free in NPU
https://notcve.org/view.php?id=CVE-2025-21424
03 Mar 2025 — Memory corruption while calling the NPU driver APIs concurrently. msm_npu has a race condition between npu_host_unload_network and npu_host_exec_network_v2 that leads to memory corruption. • https://packetstorm.news/files/id/189958 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2024-53014 – Improper Validation of Array Index in Audio
https://notcve.org/view.php?id=CVE-2024-53014
03 Mar 2025 — Memory corruption may occur while validating ports and channels in Audio driver. • https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html • CWE-129: Improper Validation of Array Index •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2024-43051 – Improper Authorization in SPS-HLOS
https://notcve.org/view.php?id=CVE-2024-43051
03 Mar 2025 — Information disclosure while deriving keys for a session for any Widevine use case. • https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html • CWE-285: Improper Authorization •
CVSS: 5.4EPSS: 0%CPEs: 19EXPL: 0CVE-2024-38426 – Improper Authentication in Modem
https://notcve.org/view.php?id=CVE-2024-38426
03 Mar 2025 — While processing the authentication message in UE, improper authentication may lead to information disclosure. • https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38418 – Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Linux
https://notcve.org/view.php?id=CVE-2024-38418
03 Feb 2025 — Memory corruption while parsing the memory map info in IOCTL calls. • https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •