7.8
CVE-2025-21466 - Use After Free in Display
Memory corruption while processing a private escape command in an event trigger.
7.5
CVE-2025-21454 - Buffer Over-read in WLAN Embedded SW
Transient DOS while processing received beacon frame.
9.1
CVE-2025-21450 - Improper Authentication in GPS_GNSS
Cryptographic issue occurs due to use of insecure connection method while downloading.
7.5
CVE-2025-21449 - Buffer Over-read in WLAN Embedded SW
Transient DOS may occur while processing malformed length field in SSID IEs.
7.5
CVE-2025-21446 - Buffer Over-read in WLAN Firmware
Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
7.8
CVE-2025-21445 - Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Data HLOS - QX
Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host.
7.8
CVE-2025-21444 - Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Data HLOS - QX
Memory corruption while copying the result to the transmission queue in EMAC.
6.2
CVE-2025-21433 - NULL Pointer Dereference in SPS-HLOS
Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.
7.8
CVE-2025-21432 - Double Free in SPS-HLOS
Memory corruption while retrieving the CBOR data from TA.
8.2
CVE-2025-21427 - Buffer Over-read in Data HLOS - LNX
Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.