CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-21453 – Use After Free in GPS HLOS Driver
https://notcve.org/view.php?id=CVE-2025-21453
06 May 2025 — Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. Corrupción de memoria durante el procesamiento de una estructura de datos, cuando se accede a un iterador luego de haberlo eliminado, ocurren fallas potenciales. • https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2024-49842 – Improper Access Control in Hypervisor
https://notcve.org/view.php?id=CVE-2024-49842
06 May 2025 — Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. Corrupción de memoria durante la asignación de memoria al espacio de dirección de VM protegido debido a restricciones de API incorrectas. • https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2024-49841 – Detection of Error Condition Without Action in Hypervisor
https://notcve.org/view.php?id=CVE-2024-49841
06 May 2025 — Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. Corrupción de memoria durante la asignación de memoria a una máquina virtual periférica sin cabeza debido a un manejo incorrecto del código de error. • https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html • CWE-390: Detection of Error Condition Without Action •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-49835 – Out-of-bounds Write in SPS Applications
https://notcve.org/view.php?id=CVE-2024-49835
06 May 2025 — Memory corruption while reading secure file. Corrupción de memoria al leer un archivo seguro. • https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2025-21430 – Buffer Over-read in WLAN Host
https://notcve.org/view.php?id=CVE-2025-21430
07 Apr 2025 — Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-21429 – Buffer Over-read in WLAN Host
https://notcve.org/view.php?id=CVE-2025-21429
07 Apr 2025 — Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2025-21428 – Buffer Over-read in WLAN Host
https://notcve.org/view.php?id=CVE-2025-21428
07 Apr 2025 — Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 6.2EPSS: 0%CPEs: 15EXPL: 0CVE-2024-45551 – Weak Authentication in HLOS
https://notcve.org/view.php?id=CVE-2024-45551
07 Apr 2025 — Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-1390: Weak Authentication •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2024-43046 – Information Exposure in TZ Secure OS
https://notcve.org/view.php?id=CVE-2024-43046
07 Apr 2025 — There may be information disclosure during memory re-allocation in TZ Secure OS. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-33058 – Insufficient Granularity of Access Control in Core
https://notcve.org/view.php?id=CVE-2024-33058
07 Apr 2025 — Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-1220: Insufficient Granularity of Access Control •