Qualcomm 215
15 CVEs affecting Qualcomm 215. Latest disclosed: 2025-03-03. Critical: 1, High: 11.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-11922 | Critical | 9.8 | 2024-11-26 | Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user. |
CVE-2023-22667 | High | 8.4 | 2023-07-04 | Memory Corruption in Audio while allocating the ion buffer during the music playback. |
CVE-2025-21424 | High | 7.8 | 2025-03-03 | Memory corruption while calling the NPU driver APIs concurrently. |
CVE-2024-53014 | High | 7.8 | 2025-03-03 | Memory corruption may occur while validating ports and channels in Audio driver. |
CVE-2024-33042 | High | 7.8 | 2024-09-02 | Memory corruption when Alternative Frequency offset value is set to 255. |
CVE-2023-24854 | High | 7.8 | 2023-07-04 | Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message. |
CVE-2023-22387 | High | 7.8 | 2023-07-04 | Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. |
CVE-2023-22386 | High | 7.8 | 2023-07-04 | Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. |
CVE-2019-2248 | High | 7.8 | 2019-05-24 | Buffer overflow can occur if invalid header tries to overwrite the existing buffer which fix size allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon… |
CVE-2023-33020 | High | 7.5 | 2023-09-05 | Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE. |
CVE-2023-33019 | High | 7.5 | 2023-09-05 | Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE. |
CVE-2023-21631 | High | 7.5 | 2023-07-04 | Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. |
CVE-2023-21629 | Medium | 6.8 | 2023-07-04 | Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. |
CVE-2023-28575 | Medium | 6.7 | 2023-08-08 | The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handl… |
CVE-2024-38426 | Medium | 5.4 | 2025-03-03 | While processing the authentication message in UE, improper authentication may lead to information disclosure. |