Qualcomm 215_mobile_platform_firmware
15 CVEs affecting Qualcomm 215_mobile_platform_firmware. Latest disclosed: 2025-10-09. Critical: 0, High: 13.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-33027 | High | 8.4 | 2024-08-05 | Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table. |
CVE-2024-23373 | High | 8.4 | 2024-07-01 | Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released. |
CVE-2024-21461 | High | 8.4 | 2024-07-01 | Memory corruption while performing finish HMAC operation when context is freed by keymaster. |
CVE-2025-21487 | High | 8.2 | 2025-09-24 | Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length. |
CVE-2024-53026 | High | 8.2 | 2025-06-03 | Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call. |
CVE-2024-53021 | High | 8.2 | 2025-06-03 | Information disclosure may occur while processing goodbye RTCP packet from network. |
CVE-2024-53020 | High | 8.2 | 2025-06-03 | Information disclosure may occur while decoding the RTP packet with invalid header extension from network. |
CVE-2025-27053 | High | 7.8 | 2025-10-09 | Memory corruption during PlayReady APP usecase while processing TA commands. |
CVE-2024-43052 | High | 7.8 | 2024-12-02 | Memory corruption while processing API calls to NPU with invalid input. |
CVE-2024-38423 | High | 7.8 | 2024-11-04 | Memory corruption while processing GPU page table switch. |
CVE-2024-38422 | High | 7.8 | 2024-11-04 | Memory corruption while processing voice packet with arbitrary data received from ADSP. |
CVE-2024-38415 | High | 7.8 | 2024-11-04 | Memory corruption while handling session errors from firmware. |
CVE-2024-23353 | High | 7.5 | 2024-08-05 | Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. |
CVE-2024-23357 | Medium | 6.2 | 2024-08-05 | Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus. |
CVE-2024-33043 | Medium | 5.5 | 2024-09-02 | Transient DOS while handling PS event when Program Service name length offset value is set to 255. |