Snapdragon Qualcomm Snapdragon

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Qualcomm Snapdragon.

By the Year

In 2026 there have been 106 vulnerabilities in Qualcomm Snapdragon with an average score of 7.3 out of ten. Last year, in 2025 Snapdragon had 103 security vulnerabilities published. That is, 3 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 0.32




Year Vulnerabilities Average Score
2026 106 7.29
2025 103 7.61
2024 1 7.80
2023 6 8.23
2022 52 7.58
2021 227 7.67
2020 167 0.00
2019 147 0.00
2018 183 0.00

It may take a day or so for new Snapdragon vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Qualcomm Snapdragon Security Vulnerabilities

Qualcomm Android Memory Corruption in Async Param Handling
CVE-2026-25271 7.8 - High - July 06, 2026

Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use.

TOCTTOU

Qualcomm Wi-Fi Firmware HT40 Layout Memory Corruption
CVE-2026-25268 8.8 - High - July 06, 2026

Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations.

Stack Overflow

Qualcomm Modem Firmware Memcorrupt via Invalid Port Index
CVE-2026-21384 5.3 - Medium - July 06, 2026

Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits.

Memory Corruption

Qualcomm Static IV in AES-GCM Key Wrap Causes Crypto Flaw
CVE-2026-21383 7.1 - High - July 06, 2026

Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security.

Reusing a Nonce, Key Pair in Encryption

Qualcomm Memory Corruption on Oversize Allocation
CVE-2026-21379 7.8 - High - July 06, 2026

Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.

Buffer Over-read

Qualcomm memory corruption flaw: input batch size & buffer plane validation
CVE-2026-21370 5.3 - Medium - July 06, 2026

Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values.

Memory Corruption

Qualcomm Snapdragon Flash Handler Memory Corruption via Stale LED Count
CVE-2026-21369 5.3 - Medium - July 06, 2026

Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification.

Memory Corruption

Qualcomm Snapdragon JPEG Parsing Memory Corruption
CVE-2026-21368 5.3 - Medium - July 06, 2026

Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks.

Memory Corruption

Memory Corruption via repeated IOCTL on Qualcomm Modem Driver
CVE-2025-59617 6.6 - Medium - July 06, 2026

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input.

Dangling pointer

Qualcomm Driver: Duplicate IOCTL FD Leads to Memory Corruption
CVE-2025-59616 6.6 - Medium - July 06, 2026

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.

Dangling pointer

CVE-2025-59615: Qualcomm Snapdragon Wireless Driver mem crash via ioctl sync
CVE-2025-59615 6.6 - Medium - July 06, 2026

Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization.

Dangling pointer

Qualcomm Strongbox TEE Buffer Overflow Memory Corruption
CVE-2026-25277 8.8 - High - June 01, 2026

Memory corruption while using Strongbox due to buffer overflow.

Classic Buffer Overflow

CVE-2026-25276: Memory Corruption in Qualcomm Strongbox (Bound Check Missing)
CVE-2026-25276 8.8 - High - June 01, 2026

Memory corruption while using Strongbox due to missing bounds check.

out-of-bounds array index

Qualcomm Memory Corruption in Shared Buffer Access (CVE-2026-25260)
CVE-2026-25260 7.8 - High - June 01, 2026

Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.

TOCTTOU

Memory corruption in Qualcomm QMI Modem IOCTL escape ops
CVE-2026-25259 7.8 - High - June 01, 2026

Memory corruption while processing multiple IOCTL command for escape operations.

Memory Corruption

Memory Corruption in Qualcomm IOCTL Escape Handler
CVE-2026-25258 7.8 - High - June 01, 2026

Memory corruption while processing IOCTL calls for escape operations.

Out-of-bounds Read

Qualcomm Fastboot Memory Corruption on DisplayMode Set
CVE-2026-24092 7.2 - High - June 01, 2026

Memory Corruption when processing fastboot commands to set display mode.

Improper Validation of Syntactic Correctness of Input

Qualcomm Fastboot Memory Corrupt via Malformed Input
CVE-2026-24091 7.2 - High - June 01, 2026

Memory corruption while processing fastboot commands with improperly formatted input.

Improper Validation of Syntactic Correctness of Input

Qualcomm Bootloader Crypto Flaw Lets Unauthorized Boot Flow Change
CVE-2026-24090 7.1 - High - June 01, 2026

Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow.

Missing Authentication for Critical Function

CVE-2026-24089: Memory Corruption in Fastboot Commands
CVE-2026-24089 7.2 - High - June 01, 2026

Memory corruption while processing fastboot commands with invalid input.

Improper Validation of Syntactic Correctness of Input

Unauthorized Write via Crypto Defect in Qualcomm Partition Handler (BL)
CVE-2026-24088 8.2 - High - June 01, 2026

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.

Missing Authentication for Critical Function

Memory corruption in Qualcomm Fastboot OEM commands
CVE-2026-24087 7.2 - High - June 01, 2026

Memory corruption while processing fastboot OEM commands.

Improper Validation of Syntactic Correctness of Input

Qualcomm Snapdragon Memory Corruption via Uninitialized Variable in Display CLI
CVE-2026-24085 7.2 - High - June 01, 2026

Memory Corruption when processing display command line information due to improper initialization of a variable.

Stack Overflow

Qualcomm RNG Driver Buffer Overflow Memory Corruption
CVE-2025-59614 6.7 - Medium - June 01, 2026

Memory Corruption when sending random number generator command with insufficient output buffer size.

Memory Corruption

Qualcomm Buffer Overflow via Small Output Buffer in Data Copy
CVE-2025-59613 6.7 - Medium - June 01, 2026

Memory Corruption when output buffer size is smaller than input buffer size during data copying operation.

Stack Overflow

Memory Corruption in Qualcomm Windows Drivers via Invalid Trusted App Request
CVE-2025-59612 6.7 - Medium - June 01, 2026

Memory corruption in windows drivers while sending incorrect trusted application request

Stack Overflow

Memory Corruption in Qualcomm Diagnostic Services via Input Validation Failure
CVE-2025-59611 6.7 - Medium - June 01, 2026

Memory corruption in diagnostic services due to absence of input validation

Memory Corruption

CVE-2025-59610: IOCTL Memory Corruption in Qualcomm Snapdragon Driver
CVE-2025-59610 6.4 - Medium - June 01, 2026

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.

TOCTTOU

Info Disclosure via Short MBSSID in Qualcomm Bluetooth
CVE-2025-59609 5.5 - Medium - June 01, 2026

Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.

Buffer Over-read

Qualcomm QSEE Memory Corruption via Heap Overflow in Secure Data Init
CVE-2025-59606 7.8 - High - June 01, 2026

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.

NULL Pointer Dereference

Qualcomm driver memory corruption via overlength device ID
CVE-2025-59605 7.8 - High - June 01, 2026

Memory Corruption when processing device identifier strings that exceed the expected maximum length.

Memory Corruption

Qualcomm Memory Corruption via Null Ptr on memcpy
CVE-2025-59604 7.8 - High - June 01, 2026

Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.

NULL Pointer Dereference

Qualcomm Powerline Info Disclosure on Factory Reset
CVE-2025-59601 6.5 - Medium - June 01, 2026

Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration.

Exposure of Sensitive Information Through Metadata

PLC FW Assigner Buffer Overflow due to Wrong Auth (Qualcomm)
CVE-2026-25293 9.6 - Critical - May 04, 2026

Buffer overflow due to incorrect authorization in PLC FW

AuthZ

Qualcomm IOCTL Memory Corruption in Power-Save Mode
CVE-2026-25266 5.5 - Medium - May 04, 2026

Memory corruption while processing IOCTL command when device is in power-save state.

Exposed Dangerous Method or Function

Memory Corruption in Qualcomm Snapdragon Perf Counter Driver During Deselect
CVE-2026-24082 7.8 - High - May 04, 2026

Memory Corruption when copying data from a freed source while executing performance counter deselect operation.

Dangling pointer

Qualcomm Driver IOCTL Buffer Corruption Vulnerability
CVE-2025-47408 7.8 - High - May 04, 2026

Memory corruption when another driver calls an IOCTL with invalid input/output buffer.

Untrusted Pointer Dereference

Memory Corruption in Qualcomm DSP Process Creation due to Allocation Failure
CVE-2025-47407 7.8 - High - May 04, 2026

Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.

TOCTTOU

CVE-2025-47406: Qualcomm IOCTL Buffer Size OOB Disclosure
CVE-2025-47406 6.1 - Medium - May 04, 2026

Information Disclosure while processing IOCTL handler callbacks without verifying buffer size.

Buffer Over-read

Qualcomm Camera Driver Buffer Overflow via Invalid Output Buffers
CVE-2025-47405 7.8 - High - May 04, 2026

Memory corruption when processing camera sensor input/output control codes with invalid output buffers.

Untrusted Pointer Dereference

Qualcomm Snapdragon Driver Buffer Resize Memory Corruption
CVE-2025-47404 6.5 - Medium - May 04, 2026

Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.

Classic Buffer Overflow

Qualcomm Wireless Driver DOS via Malformed FT Frame
CVE-2025-47403 6.5 - Medium - May 04, 2026

Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.

Buffer Over-read

Qualcomm Target Power Rate Table Channel Config DoS
CVE-2025-47401 6.5 - Medium - May 04, 2026

Transient DOS when processing target power rate tables during channel configuration.

Buffer Over-read

Memory Corruption via Improper Buffer Sizing in Qualcomm PM
CVE-2026-21382 7.8 - High - April 06, 2026

Memory Corruption when handling power management requests with improperly sized input/output buffers.

Classic Buffer Overflow

Qualcomm QCA WiFi NAN DoS via Excessive Service Data Frame Length
CVE-2026-21381 7.6 - High - April 06, 2026

Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.

Buffer Over-read

Qualcomm DMABUF IOCTL Memory Corruption
CVE-2026-21380 7.8 - High - April 06, 2026

Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.

Dangling pointer

Qualcomm Camera Driver Output Buffer Size Validation Bypass
CVE-2026-21378 7.8 - High - April 06, 2026

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

Buffer Over-read

Qualcomm Camera Sensor Driver IOCTL Buffer Validation Flaw
CVE-2026-21376 7.8 - High - April 06, 2026

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

Buffer Over-read

Qualcomm IOCTL Output Buffer Size Bypass Causing Mem Corruption
CVE-2026-21375 7.8 - High - April 06, 2026

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

Buffer Over-read

Memory Corruption in Qualcomm Sensor Driver Aux IO Ctl CMD Buffer Overflow
CVE-2026-21374 7.8 - High - April 06, 2026

Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.

Buffer Over-read

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Qualcomm Snapdragon or by Qualcomm? Click the Watch button to subscribe.

Qualcomm
Vendor

subscribe