June 2026 Security Bulletin
Published: 06/01/2026
This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security issues that have been addressed in QTI’s proprietary code and (ii) links to publicly available code where security issues have been addressed.
Please reach out to [email protected] for any questions related to this bulletin.
Table of Contents
| Announcements |
| Acknowledgements |
| Proprietary Software Issues |
| Open Source Software Issues |
| Industry Coordination |
Announcements
None
Acknowledgements
We would like to thank these researchers for their contributions in reporting these issues to us.
| CVE-2026-24085 | Zinuo Han (ele7enxxh) |
| CVE-2026-24087,CVE-2026-24089 | Chen Runlin, Xu Liangjun and Wu Haitao from Xiaomi ShadowBlade Security Lab |
| CVE-2026-24088 | Kancy Joe |
| CVE-2026-24090 | VoidTato |
| CVE-2026-25259,CVE-2026-25260,CVE-2025-59611,CVE-2025-59612,CVE-2025-59613,CVE-2025-59614 | heiheidada |
| CVE-2025-59601 | Adam Laurie -- Alpitronic |
| CVE-2025-59609 | Xiling Gong (conghuiwang) |
| CVE-2025-59610 | shiyier |
Proprietary Software Issues
The tables below summarize security vulnerabilities that were addressed through proprietary software
This table lists high impact security vulnerabilities. Patches are being actively shared with OEMs, who have been notified and strongly recommended to deploy those patches on released devices as soon as possible. Please contact the device manufacturer for information on the patching status of released devices.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2026-25276 | Critical | High | Secure Processor | Internal |
| CVE-2026-25277 | Critical | High | Secure Processor | Internal |
| CVE-2025-59604 | High | High | SPS Applications | Internal |
| CVE-2025-59605 | High | High | HLOS | Internal |
| CVE-2025-59606 | High | High | HLOS | Internal |
| CVE-2026-25258 | High | High | DSP Service | 12/15/2025 |
| CVE-2026-25259 | High | High | DSP Service | 11/15/2025 |
| CVE-2026-25260 | High | High | DSP Service | 11/16/2025 |
| CVE-2026-25264 | High | High | Qualcomm Software Center | Internal |
| CVE-2026-25265 | High | High | Qualcomm Software Center | Internal |
This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2025-59601 | Medium | Medium | Powerline Communication Firmware | 02/26/2025 |
| CVE-2025-59611 | Medium | Medium | Core Services | 06/13/2025 |
| CVE-2025-59612 | Medium | Medium | Windows Compute | 06/30/2025 |
| CVE-2025-59613 | Medium | Medium | Windows Compute | 06/30/2025 |
| CVE-2025-59614 | Medium | Medium | Windows Compute | 06/27/2025 |
CVE-2026-25276
| CVE ID | CVE-2026-25276 |
| Title | Improper Validation of Array Index in Secure Processor |
| Description | Memory corruption while using Strongbox due to missing bounds check. |
| Technology Area | Secure Processor |
| Vulnerability Type | CWE-129 Improper Validation of Array Index |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 8.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2026/04/06 |
| Affected Chipsets* | CQ8750M, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, G3x Gen 2, Pandeiro, QCA6391, QCA6698AU, QCA6797AQ, QCM5430, QCM6490, QCM8838, QCN9011, QCN9012, QCS8550, Qualcomm® Video Collaboration VC3 Platform, SD865 5G, SDR753, SM8550P, SM8650Q, SM8750P, Snapdragon 460 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Elite Gen 5, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform, Snapdragon 870 5G Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon X55 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, WCD9370, WCD9375, WCD9380, WCD9385, WCD9390, WCD9395, WCN3950, WCN3988, WCN7760, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
CVE-2026-25277
| CVE ID | CVE-2026-25277 |
| Title | Buffer Copy Without Checking Size of Input in Secure Processor |
| Description | Memory corruption while using Strongbox due to buffer overflow. |
| Technology Area | Secure Processor |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 8.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2026/04/06 |
| Affected Chipsets* | CQ8750M, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, G3x Gen 2, Pandeiro, QCA6391, QCA6698AU, QCA6797AQ, QCM5430, QCM6490, QCM8838, QCN9011, QCN9012, QCS8550, Qualcomm® Video Collaboration VC3 Platform, SD865 5G, SDR753, SM8550P, SM8650Q, SM8750P, Snapdragon 460 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Elite Gen 5, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform, Snapdragon 870 5G Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon X55 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, WCD9370, WCD9375, WCD9380, WCD9385, WCD9390, WCD9395, WCN3950, WCN3988, WCN7760, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
CVE-2025-59604
| CVE ID | CVE-2025-59604 |
| Title | NULL Pointer Dereference in SPS Applications |
| Description | Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer. |
| Technology Area | SPS Applications |
| Vulnerability Type | CWE-476 NULL Pointer Dereference |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2025/12/01 |
| Affected Chipsets* | Snapdragon G1 Gen 2 Gaming Platform, AR8035, Cologne, CQ7790, CQ8725S, CQ8750M, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, FWA Gen 3 Ultra Platform, FWA Gen 5 Elite Platform, G1 Gen 1, G2 Gen 1, G3x Gen 2, IQ6 Series Platform, IQ8 Series Platform, IQ9 Series Platform, IQX5121, IQX7181, Kalpeni, Kobuk, LeMans_AU_LGIT, LeMansAU, Milos, Milos_IOT, Molokai, Monaco_IOT, Netrani, Orne, Palawan25, Pandeiro, QAM8255P, QAM8295P, QAM8397P, QAM8620P, QAM8797P, QAMSRV1H, QAMSRV1M, QCA0000, QCA6174A, QCA6391, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCA8386, QCA8695AU, QCC710, QCF8001, QCM2290, QCM4325, QCM4490, QCM5430, QCM6125, QCM6490, QCM8838, QCN6024, QCN6224, QCN6274, QCN9011, QCN9012, QCN9024, QCS2290, QCS4290, QCS4490, QCS6690, QCS8550, QDU1000, QDU1110, QDU1210, QDX1010, QDX1011, QEP8111, QFW7114, QFW7124, QLN1083BD, QLN1086BD, QMB415, QMB715, QMP1000, QMP2001, QPA1083BD, QPA1086BD, QRU1032, Qualcomm Dragonwing™ QRU100 Platform, Qualcomm Dragonwing™ X100 Accelerator Card, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, QXM1083, QXM1086, QXM1093, QXM1094, QXM1095, QXM1096, Robotics RB2 Platform, SA4150P, SA4155P, SA510M, SA6145P, SA6150P, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155P, SA8195P, SA8255P, SA8295P, SA8540P, SA8620P, SA8770P, SA9000P, SAR1165P, SAR2130P, SC8380XP, SD 8 Gen1 5G, SD662, SD865 5G, SDR753, SDX61, SDX81, SM4850, SM4850P, SM6225P, SM6450P, SM6475P, SM6475Q, SM6650P, SM6850, SM7325P, SM7435, SM7435P, SM7525, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8475P, SM8550P, SM8635, SM8635P, SM8650Q, SM8735P, SM8750P, SM8845P, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 7 Gen 1 Mobile Platform, Snapdragon 7 Gen 4 Mobile Platform, Snapdragon 7+ Gen 2 Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform, Snapdragon 782G Mobile Platform, Snapdragon 7c+ Gen 3 Compute, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Elite Gen 5, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform, Snapdragon 870 5G Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform, Snapdragon 8cx Gen 3 Compute Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon AR1+ Gen 1 Platform, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X53 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X62 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon® Wear Elite platform, SRV1H, SRV1L, SRV1M, SW5100, SW5100P, SXR2230P, SXR2250P, SXR2330P, SXR2350P, Themisto, WCD9335, WCD9340, WCD9370, WCD9371, WCD9375, WCD9378, WCD9378C, WCD9380, WCD9385, WCD9390, WCD9395, WCN3910, WCN3950, WCN3980, WCN3988, WCN6450, WCN6650, WCN6755, WCN7760, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, WSA8850, WSA8850W, WSA8855C, X2000077, X2000086, X2000090, X2000092, X2000094, XG101002, XG101032, XG101039, XRV7209, XRV9209 |
CVE-2025-59605
| CVE ID | CVE-2025-59605 |
| Title | Out-of-bounds Write in HLOS |
| Description | Memory Corruption when processing device identifier strings that exceed the expected maximum length. |
| Technology Area | HLOS |
| Vulnerability Type | CWE-787: Out-of-bounds Write |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2025/12/01 |
| Affected Chipsets* | Snapdragon G1 Gen 2 Gaming Platform, AR8035, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, G2 Gen 1, G3x Gen 2, Kalpeni, Netrani, QAM8295P, QCA6174A, QCA6391, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCM2290, QCM4490, QCM5430, QCM6125, QCM6490, QCN6024, QCN9011, QCN9012, QCN9024, QCS2290, QCS4490, QCS8550, QDU1000, QDU1110, QDU1210, QDX1010, QDX1011, QMB415, QRU1032, Qualcomm Dragonwing™ QRU100 Platform, Qualcomm Dragonwing™ X100 Accelerator Card, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Robotics RB2 Platform, SA4150P, SA4155P, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SA8540P, SA9000P, SAR2130P, SD 8 Gen1 5G, SD865 5G, SDX61, SM6450P, SM6475P, SM6475Q, SM7325P, SM7435, SM7435P, SM7525, SM7550, SM7550P, SM7635P, SM8475P, SM8550P, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 7 Gen 1 Mobile Platform, Snapdragon 7+ Gen 2 Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform, Snapdragon 782G Mobile Platform, Snapdragon 7c+ Gen 3 Compute, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform, Snapdragon 870 5G Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X53 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X62 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SW5100, SW5100P, SXR2230P, SXR2250P, WCD9335, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3910, WCN3950, WCN3980, WCN3988, WCN6650, WCN6755, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
CVE-2025-59606
| CVE ID | CVE-2025-59606 |
| Title | NULL Pointer Dereference in HLOS |
| Description | Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization. |
| Technology Area | HLOS |
| Vulnerability Type | CWE-476 NULL Pointer Dereference |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2025/12/01 |
| Affected Chipsets* | Cologne, CQ7790, CQ8725S, CQ8750M, FastConnect 6200, FastConnect 6700, FastConnect 6900, FastConnect 7800, G2 Gen 1, IQ6 Series Platform, IQ8 Series Platform, IQ9 Series Platform, LeMans_AU_LGIT, LeMansAU, Molokai, Monaco_IOT, Netrani, Orne, Palawan25, Pandeiro, QAM8255P, QAM8295P, QAM8397P, QAM8620P, QAM8797P, QAMSRV1H, QAMSRV1M, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6797AQ, QCA8695AU, QCM5430, QCM6490, QCM8838, QDU1000, QDU1110, QDU1210, QDX1010, QDX1011, QLN1083BD, QLN1086BD, QMB715, QMP1000, QMP2001, QPA1083BD, QPA1086BD, Qualcomm Dragonwing™ X100 Accelerator Card, Qualcomm® Video Collaboration VC3 Platform, QXM1093, QXM1094, QXM1095, QXM1096, SA6145P, SA6150P, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155P, SA8195P, SA8255P, SA8295P, SA8540P, SA8620P, SA8770P, SA9000P, SDR753, SM4850, SM4850P, SM6450P, SM6475P, SM6475Q, SM6850, SM7435, SM7435P, SM7635P, SM8735P, SM8750P, SM8845P, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 7 Gen 4 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Elite Gen 5, Snapdragon® Wear Elite platform, SRV1H, SRV1L, SRV1M, SXR2330P, SXR2350P, Themisto, WCD9370, WCD9375, WCD9378, WCD9378C, WCD9380, WCD9385, WCD9395, WCN3950, WCN3988, WCN6450, WCN6755, WCN7760, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, WSA8850, WSA8850W, WSA8855C, X2000077, X2000086, X2000090, X2000092, X2000094, XG101002, XG101032, XG101039, XRV7209, XRV9209 |
CVE-2026-25258
| CVE ID | CVE-2026-25258 |
| Title | Out-of-bounds Read in DSP Service |
| Description | Memory corruption while processing IOCTL calls for escape operations. |
| Technology Area | DSP Service |
| Vulnerability Type | CWE-125: Out-of-bounds Read |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2025/12/15 |
| Customer Notified Date | 2026/03/02 |
| Affected Chipsets* | Cologne, FastConnect 6900, FastConnect 7800, IQX5121, IQX7181, QCA0000, SC8380XP, WCD9378C, WCD9380, WCD9385, WSA8840, WSA8845, WSA8845H, X2000077, X2000086, X2000090, X2000092, X2000094, XG101002, XG101032, XG101039 |
CVE-2026-25259
| CVE ID | CVE-2026-25259 |
| Title | Out-of-bounds Write in DSP Service |
| Description | Memory corruption while processing multiple IOCTL command for escape operations. |
| Technology Area | DSP Service |
| Vulnerability Type | CWE-787: Out-of-bounds Write |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2025/11/15 |
| Customer Notified Date | 2026/03/02 |
| Affected Chipsets* | Cologne, FastConnect 6700, FastConnect 6900, FastConnect 7800, IQX5121, IQX7181, QCA0000, QCM5430, QCM6490, Qualcomm® Video Collaboration VC3 Platform, SC8380XP, SD865 5G, Snapdragon 460 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SXR2230P, SXR2250P, WCD9370, WCD9375, WCD9378C, WCD9380, WCD9385, WCN3950, WCN3988, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, X2000077, X2000086, X2000090, X2000092, X2000094, XG101002, XG101032, XG101039 |
CVE-2026-25260
| CVE ID | CVE-2026-25260 |
| Title | Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service |
| Description | Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications. |
| Technology Area | DSP Service |
| Vulnerability Type | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2025/11/16 |
| Customer Notified Date | 2026/03/02 |
| Affected Chipsets* | Cologne, FastConnect 6700, FastConnect 6900, FastConnect 7800, QCM5430, QCM6490, Qualcomm® Video Collaboration VC3 Platform, SC8380XP, SD865 5G, Snapdragon AR1 Gen 1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SXR2230P, SXR2250P, WCD9370, WCD9375, WCD9378C, WCD9380, WCD9385, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, X2000077, X2000086, X2000090, X2000092, X2000094, XG101002, XG101032, XG101039 |
CVE-2026-25264
| CVE ID | CVE-2026-25264 |
| Title | Uncontrolled Search Path Element in Qualcomm Software Center |
| Description | Privilege escalation due to weak configuration during package extraction process. |
| Technology Area | Qualcomm Software Center |
| Vulnerability Type | CWE-427 |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2026/03/24 |
| Affected Chipsets* | QSCv1.17.1, QSCv1.19.1, QSCv1.21.0, QSCv1.22.1, QSCv1.25.1, QSCv1.26.0 on Windows |
CVE-2026-25265
| CVE ID | CVE-2026-25265 |
| Title | Creation of Temporary File with Insecure Permissions in Qualcomm Software Center |
| Description | Privilege escalation due to weak configuration while temporary file handling. |
| Technology Area | Qualcomm Software Center |
| Vulnerability Type | CWE-378 |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2026/03/24 |
| Affected Chipsets* | QSCv1.17.1, QSCv1.19.1, QSCv1.21.0, QSCv1.22.1, QSCv1.25.1, QSCv1.26.0 on Windows |
CVE-2025-59601
| CVE ID | CVE-2025-59601 |
| Title | Exposure of Sensitive Information Through Metadata in Powerline Communication Firmware |
| Description | Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration. |
| Technology Area | Powerline Communication Firmware |
| Vulnerability Type | CWE-1230: Exposure of Sensitive Information Through Metadata |
| Access Vector | Remote |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 6.5 |
| CVSS String | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Date Reported | 2025/02/26 |
| Customer Notified Date | 2025/12/01 |
| Affected Chipsets* | FastConnect 7800, QCA7005, Snapdragon AR1 Gen 1 Platform, WCD9380, WCD9385, WSA8830, WSA8832, WSA8835 |
CVE-2025-59611
| CVE ID | CVE-2025-59611 |
| Title | Out-of-bounds Write in Core Services |
| Description | Memory corruption in diagnostic services due to absence of input validation |
| Technology Area | Core Services |
| Vulnerability Type | CWE-787: Out-of-bounds Write |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 6.7 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2025/06/13 |
| Customer Notified Date | 2025/12/01 |
| Affected Chipsets* | AQT1000, Cologne, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, IQX5121, IQX7181, QCA0000, QCA6391, QCA6420, QCA6430, QCM5430, QCM6490, Qualcomm® Video Collaboration VC3 Platform, SC8380XP, SM6250, Snapdragon 7c Compute Platform, Snapdragon 7c Gen 2 Compute Platform "Rennell Pro", Snapdragon 7c+ Gen 3 Compute, Snapdragon 8c Compute Platform "Poipu Lite", Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite", Snapdragon 8cx Compute Platform, Snapdragon 8cx Compute Platform "Poipu Pro", Snapdragon 8cx Gen 2 5G Compute Platform, Snapdragon 8cx Gen 2 5G Compute Platform "Poipu Pro", Snapdragon 8cx Gen 3 Compute Platform, WCD9340, WCD9341, WCD9370, WCD9375, WCD9378C, WCD9380, WCD9385, WSA8810, WSA8815, WSA8830, WSA8835, WSA8840, WSA8845, WSA8845H, X2000077, X2000086, X2000090, X2000092, X2000094, XG101002, XG101032, XG101039 |
CVE-2025-59612
| CVE ID | CVE-2025-59612 |
| Title | Stack-based Buffer Overflow in Windows Compute |
| Description | Memory corruption in windows drivers while sending incorrect trusted application request |
| Technology Area | Windows Compute |
| Vulnerability Type | CWE-121 Stack-based Buffer Overflow |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 6.7 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2025/06/30 |
| Customer Notified Date | 2025/12/01 |
| Affected Chipsets* | Cologne, FastConnect 6700, FastConnect 6900, FastConnect 7800, IQX5121, IQX7181, QCA0000, QCM5430, QCM6490, Qualcomm® Video Collaboration VC3 Platform, SC8380XP, Snapdragon 7c+ Gen 3 Compute, Snapdragon 8cx Gen 3 Compute Platform, WCD9370, WCD9375, WCD9378C, WCD9380, WCD9385, WSA8830, WSA8835, WSA8840, WSA8845, WSA8845H, X2000077, X2000086, X2000090, X2000092, X2000094, XG101002, XG101032, XG101039 |
CVE-2025-59613
| CVE ID | CVE-2025-59613 |
| Title | Stack-based Buffer Overflow in Windows Compute |
| Description | Memory Corruption when output buffer size is smaller than input buffer size during data copying operation. |
| Technology Area | Windows Compute |
| Vulnerability Type | CWE-121 Stack-based Buffer Overflow |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 6.7 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2025/06/30 |
| Customer Notified Date | 2025/12/01 |
| Affected Chipsets* | Cologne, FastConnect 6700, FastConnect 6900, FastConnect 7800, IQX5121, IQX7181, QCA0000, QCM5430, QCM6490, Qualcomm® Video Collaboration VC3 Platform, SC8380XP, SD865 5G, Snapdragon 460 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 7c+ Gen 3 Compute, Snapdragon 8cx Gen 3 Compute Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SXR2230P, SXR2250P, WCD9370, WCD9375, WCD9378C, WCD9380, WCD9385, WCN3950, WCN3988, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, X2000077, X2000086, X2000090, X2000092, X2000094, XG101002, XG101032, XG101039 |
CVE-2025-59614
| CVE ID | CVE-2025-59614 |
| Title | Out-of-bounds Write in Windows Compute |
| Description | Memory Corruption when sending random number generator command with insufficient output buffer size. |
| Technology Area | Windows Compute |
| Vulnerability Type | CWE-787: Out-of-bounds Write |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 6.7 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2025/06/27 |
| Customer Notified Date | 2025/12/01 |
| Affected Chipsets* | Cologne, FastConnect 6900, FastConnect 7800, IQX5121, IQX7181, QCA0000, SC8380XP, WCD9378C, WCD9380, WCD9385, WSA8840, WSA8845, WSA8845H, X2000077, X2000086, X2000090, X2000092, X2000094, XG101002, XG101032, XG101039 |
*The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.
Open Source Software Issues
The tables below summarize security vulnerabilities that were addressed through open source software
This table lists high impact security vulnerabilities. Patches are being actively shared with OEMs, who have been notified and strongly recommended to deploy those patches on released devices as soon as possible. Please contact the device manufacturer for information on the patching status of released devices.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2026-24085 | High | High | Display | 12/18/2025 |
| CVE-2026-24087 | High | High | Graphics | 01/18/2026 |
| CVE-2026-24088 | High | High | Boot | 01/18/2026 |
| CVE-2026-24089 | High | High | Display | 01/18/2026 |
| CVE-2026-24090 | High | High | HLOS | 12/15/2025 |
| CVE-2026-24091 | High | High | Display | Internal |
| CVE-2026-24092 | High | High | Display | Internal |
This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2025-59609 | Medium | Medium | WLAN Host Communication | 08/05/2023 |
| CVE-2025-59610 | Medium | Medium | Camera Driver | 06/25/2025 |
CVE-2026-24085
| CVE ID | CVE-2026-24085 |
| Title | Stack-based Buffer Overflow in Display |
| Description | Memory Corruption when processing display command line information due to improper initialization of a variable. |
| Technology Area | Display |
| Vulnerability Type | CWE-121 Stack-based Buffer Overflow |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.2 |
| CVSS String | CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| Date Reported | 2025/12/18 |
| Customer Notified Date | 2026/03/02 |
| Affected Chipsets* | Snapdragon G1 Gen 2 Gaming Platform, 5G Fixed Wireless Access Platform, APQ8098, AR8031, AR8035, C-V2X 9150, Cologne, CQ7790, CQ8725S, CQ8750M, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, FSM100 Platform, FWA Gen 3 Ultra Platform, FWA Gen 5 Elite Platform, G1 Gen 1, G2 Gen 1, G3x Gen 2, IQ9 Series Platform, Kalpeni, Kobuk, LeMans_AU_LGIT, LeMansAU, Milos, Milos_IOT, Molokai, Netrani, Orne, Palawan25, Pandeiro, QAM8255P, QAM8295P, QAM8397P, QAM8797P, QAMSRV1H, QAMSRV1M, QCA2066, QCA6174A, QCA6391, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCA8386, QCA8695AU, QCA9367, QCA9377, QCC710, QCF8001, QCM2290, QCM4325, QCM4490, QCM5430, QCM6125, QCM6490, QCM8838, QCN6024, QCN6224, QCN6274, QCN9011, QCN9012, QCN9024, QCS2290, QCS4290, QCS4490, QCS6690, QCS8550, QDU1000, QDU1110, QDU1210, QDX1010, QDX1011, QEP8111, QFW7114, QFW7124, QLN1083BD, QLN1086BD, QMB415, QMB715, QMP1000, QMP2001, QPA1083BD, QPA1086BD, QRB5165M, QRB5165N, QRU1032, Qualcomm Dragonwing™ QRU100 Platform, Qualcomm Dragonwing™ X100 Accelerator Card, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, QXM1083, QXM1086, QXM1093, QXM1094, QXM1095, QXM1096, Robotics RB2 Platform, Robotics RB5 Platform, SA2150P, SA4150P, SA4155P, SA510M, SA6145P, SA6150P, SA6155, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SAR1165P, SAR2130P, SC8380XP, SD 8 Gen1 5G, SD662, SD865 5G, SDA660, SDR753, SDX61, SDX81, SM4850, SM4850P, SM6225P, SM6450P, SM6475P, SM6475Q, SM6650P, SM6850, SM7325P, SM7435, SM7435P, SM7525, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8475P, SM8550P, SM8635, SM8635P, SM8650Q, SM8735P, SM8750P, SM8845P, Smart Audio 400 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 7 Gen 1 Mobile Platform, Snapdragon 7 Gen 4 Mobile Platform, Snapdragon 7+ Gen 2 Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform, Snapdragon 782G Mobile Platform, Snapdragon 7c+ Gen 3 Compute, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Elite Gen 5, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform, Snapdragon 870 5G Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon AR1+ Gen 1 Platform, Snapdragon Auto 5G Modem-RF, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X53 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X62 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon Auto 4G Modem, Snapdragon® Wear Elite platform, SRV1H, SRV1M, SW5100, SW5100P, SXR2230P, SXR2250P, SXR2330P, SXR2350P, Themisto, Vision Intelligence 400 Platform, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN6450, WCN6650, WCN6755, WCN7760, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, WSA8850, WSA8850W, WSA8855C, X1E80100, XRV7209, XRV9209 |
| Patch** |
CVE-2026-24087
| CVE ID | CVE-2026-24087 |
| Title | Improper Validation of Syntactic Correctness of Input in Kernel |
| Description | Memory corruption while processing fastboot OEM commands. |
| Technology Area | Graphics |
| Vulnerability Type | CWE-1286: Improper Validation of Syntactic Correctness of Input |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.2 |
| CVSS String | CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| Date Reported | 2026/01/18 |
| Customer Notified Date | 2026/02/02 |
| Affected Chipsets* | AR8031, AR8035, Cologne, CQ7790, CQ8725S, CQ8750M, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, FWA Gen 3 Ultra Platform, FWA Gen 5 Elite Platform, G1 Gen 1, G2 Gen 1, G3x Gen 2, IQ9 Series Platform, Kalpeni, Kobuk, LeMans_AU_LGIT, LeMansAU, Milos, Milos_IOT, Molokai, Netrani, Orne, Palawan25, Pandeiro, QAM8255P, QAM8295P, QAM8397P, QAM8797P, QAMSRV1H, QAMSRV1M, QCA2066, QCA6174A, QCA6391, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCA8386, QCA8695AU, QCA9367, QCA9377, QCC710, QCF8001, QCM2290, QCM4325, QCM6125, QCM8838, QCN6224, QCN6274, QCN9011, QCN9012, QCS2290, QCS4290, QCS6690, QCS8550, QDU1000, QDU1110, QDU1210, QDX1010, QDX1011, QEP8111, QFW7114, QFW7124, QLN1083BD, QLN1086BD, QMB715, QMP1000, QMP2001, QPA1083BD, QPA1086BD, QRB5165N, QRU1032, Qualcomm Dragonwing™ QRU100 Platform, Qualcomm Dragonwing™ X100 Accelerator Card, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, QXM1083, QXM1086, QXM1093, QXM1094, QXM1095, QXM1096, Robotics RB5 Platform, SA510M, SA6155P, SA7255P, SA7775P, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SAR1165P, SC8380XP, SD662, SD865 5G, SDR753, SDX81, SM4850, SM4850P, SM6225P, SM6450P, SM6475P, SM6475Q, SM6650P, SM6850, SM7435, SM7435P, SM7525, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, SM8735P, SM8750P, SM8845P, Smart Audio 400 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 7 Gen 4 Mobile Platform, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Elite Gen 5, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon AR1+ Gen 1 Platform, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon® Wear Elite platform, SRV1H, SRV1M, SW5100, SW5100P, SXR2330P, SXR2350P, Themisto, WCD9335, WCD9340, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3910, WCN3950, WCN3980, WCN3988, WCN6450, WCN6650, WCN6755, WCN7760, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, WSA8850, WSA8850W, WSA8855C, X1E80100, XRV7209, XRV9209 |
| Patch** |
CVE-2026-24088
| CVE ID | CVE-2026-24088 |
| Title | Missing Authentication for Critical Function in Boot |
| Description | Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader. |
| Technology Area | Boot |
| Vulnerability Type | CWE-306: Missing Authentication for Critical Function |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| Date Reported | 2026/01/18 |
| Customer Notified Date | 2026/03/02 |
| Affected Chipsets* | AR9380, CSR8811, FastConnect 6200, FastConnect 6700, FastConnect 6900, FastConnect 7800, G1 Gen 1, G2 Gen 1, G3x Gen 2, Immersive Home 214 Platform, Immersive Home 216 Platform, Immersive Home 316 Platform, Immersive Home 318 Platform, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ6010, IPQ6018, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8076, IPQ8078, IQ9 Series Platform, Kalpeni, LeMans_AU_LGIT, LeMansAU, MDM9628, Milos, Milos_IOT, Molokai, Netrani, Networking Pro 1200 Platform, Networking Pro 1210 Platform, Networking Pro 1610 Platform, Networking Pro 400 Platform, Networking Pro 600 Platform, Networking Pro 610 Platform, Networking Pro 800 Platform, Networking Pro 810 Platform, Orne, Palawan25, Pandeiro, QAM8255P, QAM8295P, QAM8397P, QAM8797P, QAMSRV1H, QAMSRV1M, QCA4024, QCA6174A, QCA6391, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA6797AQ, QCA7500, QCA8075, QCA8081, QCA8695AU, QCA9367, QCA9377, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCM2290, QCM4325, QCM5430, QCM6125, QCM6490, QCM8838, QCN5022, QCN5024, QCN5052, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN9000, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9100, QCS2290, QCS4290, QCS6690, QEP8111, QLN1083BD, QLN1086BD, QMB715, QMP1000, QMP2001, QPA1083BD, QPA1086BD, Qualcomm 215 Mobile Platform, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, QXM1093, QXM1094, QXM1095, QXM1096, SA7255P, SA7775P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SAR2130P, SC8380XP, SD 8 Gen1 5G, SD626, SD662, SD865 5G, SDR753, SM4850, SM4850P, SM6225P, SM6450P, SM6475P, SM6475Q, SM6650P, SM6850, SM7435, SM7435P, SM7525, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8475P, SM8550P, SM8635, SM8635P, SM8650Q, SM8735P, SM8750P, SM8845P, Smart Display 200 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 625 Mobile Platform, Snapdragon 626 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 7 Gen 1 Mobile Platform, Snapdragon 7 Gen 4 Mobile Platform, Snapdragon 7+ Gen 2 Mobile Platform, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Elite Gen 5, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 820 Automotive Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X5 LTE Modem, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon® Wear Elite platform, SRV1H, SRV1M, SW5100, SW5100P, SXR2230P, SXR2250P, SXR2330P, SXR2350P, Themisto, Vision Intelligence 100 Platform, Vision Intelligence 200 Platform, WCD9326, WCD9340, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN6450, WCN6650, WCN6755, WCN7760, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, WSA8850, WSA8850W, WSA8855C, X1E80100, XRV7209, XRV9209 |
| Patch** |
CVE-2026-24089
| CVE ID | CVE-2026-24089 |
| Title | Improper Validation of Syntactic Correctness of Input in Kernel |
| Description | Memory corruption while processing fastboot commands with invalid input. |
| Technology Area | Display |
| Vulnerability Type | CWE-1286: Improper Validation of Syntactic Correctness of Input |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.2 |
| CVSS String | CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| Date Reported | 2026/01/18 |
| Customer Notified Date | 2026/02/02 |
| Affected Chipsets* | AR8031, AR8035, Cologne, CQ7790, CQ8725S, CQ8750M, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, FWA Gen 3 Ultra Platform, FWA Gen 5 Elite Platform, G1 Gen 1, G2 Gen 1, G3x Gen 2, IQ9 Series Platform, Kalpeni, Kobuk, LeMans_AU_LGIT, LeMansAU, Milos, Milos_IOT, Molokai, Netrani, Orne, Palawan25, Pandeiro, QAM8255P, QAM8295P, QAM8397P, QAM8797P, QAMSRV1H, QAMSRV1M, QCA2066, QCA6174A, QCA6391, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCA8386, QCA8695AU, QCA9367, QCA9377, QCC710, QCF8001, QCM2290, QCM4325, QCM5430, QCM6125, QCM6490, QCM8838, QCN6224, QCN6274, QCN9011, QCN9012, QCS2290, QCS4290, QCS6690, QCS8550, QDU1000, QDU1110, QDU1210, QDX1010, QDX1011, QEP8111, QFW7114, QFW7124, QLN1083BD, QLN1086BD, QMB715, QMP1000, QMP2001, QPA1083BD, QPA1086BD, QRB5165N, QRU1032, Qualcomm Dragonwing™ QRU100 Platform, Qualcomm Dragonwing™ X100 Accelerator Card, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, QXM1083, QXM1086, QXM1093, QXM1094, QXM1095, QXM1096, Robotics RB5 Platform, SA510M, SA6155P, SA7255P, SA7775P, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SAR1165P, SC8380XP, SD662, SD865 5G, SDR753, SDX81, SM4850, SM4850P, SM6225P, SM6450P, SM6475P, SM6475Q, SM6650P, SM6850, SM7435, SM7435P, SM7525, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, SM8735P, SM8750P, SM8845P, Smart Audio 400 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 7 Gen 4 Mobile Platform, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Elite Gen 5, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon AR1+ Gen 1 Platform, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon® Wear Elite platform, SRV1H, SRV1M, SW5100, SW5100P, SXR2230P, SXR2250P, SXR2330P, SXR2350P, Themisto, WCD9335, WCD9340, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3910, WCN3950, WCN3980, WCN3988, WCN6450, WCN6650, WCN6755, WCN7760, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, WSA8850, WSA8850W, WSA8855C, X1E80100, XRV7209, XRV9209 |
| Patch** |
CVE-2026-24090
| CVE ID | CVE-2026-24090 |
| Title | Missing Authentication for Critical Function in HLOS |
| Description | Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow. |
| Technology Area | HLOS |
| Vulnerability Type | CWE-306: Missing Authentication for Critical Function |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.1 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| Date Reported | 2025/12/15 |
| Customer Notified Date | 2026/03/02 |
| Affected Chipsets* | AR8031, AR8035, Cologne, CQ7790, CQ8725S, CQ8750M, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, FWA Gen 3 Ultra Platform, FWA Gen 5 Elite Platform, G1 Gen 1, G2 Gen 1, G3x Gen 2, IQ9 Series Platform, Kalpeni, Kobuk, LeMans_AU_LGIT, LeMansAU, Milos, Milos_IOT, Molokai, Netrani, Orne, Palawan25, Pandeiro, QAM8255P, QAM8295P, QAM8397P, QAM8797P, QAMSRV1H, QAMSRV1M, QCA2066, QCA6174A, QCA6391, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCA8386, QCA8695AU, QCA9367, QCA9377, QCC710, QCF8001, QCM2290, QCM4325, QCM6125, QCM8838, QCN6224, QCN6274, QCN9011, QCN9012, QCS2290, QCS4290, QCS6690, QCS8550, QDU1000, QDU1110, QDU1210, QDX1010, QDX1011, QEP8111, QFW7114, QFW7124, QLN1083BD, QLN1086BD, QMB715, QMP1000, QMP2001, QPA1083BD, QPA1086BD, QRB5165N, QRU1032, Qualcomm Dragonwing™ QRU100 Platform, Qualcomm Dragonwing™ X100 Accelerator Card, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, QXM1083, QXM1086, QXM1093, QXM1094, QXM1095, QXM1096, Robotics RB5 Platform, SA510M, SA6155P, SA7255P, SA7775P, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SAR1165P, SC8380XP, SD662, SD865 5G, SDR753, SDX81, SM4850, SM4850P, SM6225P, SM6450P, SM6475P, SM6475Q, SM6650P, SM6850, SM7435, SM7435P, SM7525, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, SM8735P, SM8750P, SM8845P, Smart Audio 400 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 7 Gen 4 Mobile Platform, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Elite Gen 5, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon AR1+ Gen 1 Platform, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon® Wear Elite platform, SRV1H, SRV1M, SW5100, SW5100P, SXR2230P, SXR2250P, SXR2330P, SXR2350P, Themisto, WCD9335, WCD9340, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3910, WCN3950, WCN3980, WCN3988, WCN6450, WCN6650, WCN6755, WCN7760, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, WSA8850, WSA8850W, WSA8855C, X1E80100, XRV7209, XRV9209 |
| Patch** |
CVE-2026-24091
| CVE ID | CVE-2026-24091 |
| Title | Improper Validation of Syntactic Correctness of Input in Display |
| Description | Memory corruption while processing fastboot commands with improperly formatted input. |
| Technology Area | Display |
| Vulnerability Type | CWE-1286: Improper Validation of Syntactic Correctness of Input |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.2 |
| CVSS String | CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2026/03/02 |
| Affected Chipsets* | Snapdragon G1 Gen 2 Gaming Platform, 5G Fixed Wireless Access Platform, APQ8098, AR8031, AR8035, C-V2X 9150, Cologne, CQ7790, CQ8725S, CQ8750M, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, FSM100 Platform, FWA Gen 3 Ultra Platform, FWA Gen 5 Elite Platform, G1 Gen 1, G2 Gen 1, G3x Gen 2, IQ9 Series Platform, Kalpeni, Kobuk, LeMans_AU_LGIT, LeMansAU, Milos, Milos_IOT, Molokai, Netrani, Orne, Palawan25, Pandeiro, QAM8255P, QAM8295P, QAM8397P, QAM8797P, QAMSRV1H, QAMSRV1M, QCA2066, QCA6174A, QCA6391, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCA8386, QCA8695AU, QCA9367, QCA9377, QCC710, QCF8001, QCM2290, QCM4325, QCM4490, QCM5430, QCM6125, QCM6490, QCM8838, QCN6024, QCN6224, QCN6274, QCN9011, QCN9012, QCN9024, QCS2290, QCS4290, QCS4490, QCS6690, QCS8550, QDU1000, QDU1110, QDU1210, QDX1010, QDX1011, QEP8111, QFW7114, QFW7124, QLN1083BD, QLN1086BD, QMB415, QMB715, QMP1000, QMP2001, QPA1083BD, QPA1086BD, QRB5165M, QRB5165N, QRU1032, Qualcomm Dragonwing™ QRU100 Platform, Qualcomm Dragonwing™ X100 Accelerator Card, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, QXM1083, QXM1086, QXM1093, QXM1094, QXM1095, QXM1096, Robotics RB2 Platform, Robotics RB5 Platform, SA2150P, SA4150P, SA4155P, SA510M, SA6145P, SA6150P, SA6155, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SAR1165P, SAR2130P, SC8380XP, SD 8 Gen1 5G, SD662, SD865 5G, SDA660, SDR753, SDX61, SDX81, SM4850, SM4850P, SM6225P, SM6450P, SM6475P, SM6475Q, SM6650P, SM6850, SM7325P, SM7435, SM7435P, SM7525, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8475P, SM8550P, SM8635, SM8635P, SM8650Q, SM8735P, SM8750P, SM8845P, Smart Audio 400 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 7 Gen 1 Mobile Platform, Snapdragon 7 Gen 4 Mobile Platform, Snapdragon 7+ Gen 2 Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform, Snapdragon 782G Mobile Platform, Snapdragon 7c+ Gen 3 Compute, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Elite Gen 5, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform, Snapdragon 870 5G Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon AR1+ Gen 1 Platform, Snapdragon Auto 5G Modem-RF, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X53 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X62 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon Auto 4G Modem, Snapdragon® Wear Elite platform, SRV1H, SRV1M, SW5100, SW5100P, SXR2230P, SXR2250P, SXR2330P, SXR2350P, Themisto, Vision Intelligence 400 Platform, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN6450, WCN6650, WCN6755, WCN7760, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, WSA8850, WSA8850W, WSA8855C, X1E80100, XRV7209, XRV9209 |
| Patch** |
CVE-2026-24092
| CVE ID | CVE-2026-24092 |
| Title | Improper Validation of Syntactic Correctness of Input in Display |
| Description | Memory Corruption when processing fastboot commands to set display mode. |
| Technology Area | Display |
| Vulnerability Type | CWE-1286: Improper Validation of Syntactic Correctness of Input |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.2 |
| CVSS String | CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2026/03/02 |
| Affected Chipsets* | AR8031, AR8035, Cologne, CQ7790, CQ8725S, CQ8750M, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, FWA Gen 3 Ultra Platform, FWA Gen 5 Elite Platform, G1 Gen 1, G2 Gen 1, G3x Gen 2, IQ9 Series Platform, Kalpeni, Kobuk, LeMans_AU_LGIT, LeMansAU, Milos, Milos_IOT, Molokai, Netrani, Orne, Palawan25, Pandeiro, QAM8255P, QAM8295P, QAM8397P, QAM8797P, QAMSRV1H, QAMSRV1M, QCA2066, QCA6174A, QCA6391, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCA8386, QCA8695AU, QCA9367, QCA9377, QCC710, QCF8001, QCM2290, QCM4325, QCM6125, QCM8838, QCN6224, QCN6274, QCN9011, QCN9012, QCS2290, QCS4290, QCS6690, QCS8550, QDU1000, QDU1110, QDU1210, QDX1010, QDX1011, QEP8111, QFW7114, QFW7124, QLN1083BD, QLN1086BD, QMB715, QMP1000, QMP2001, QPA1083BD, QPA1086BD, QRB5165N, QRU1032, Qualcomm Dragonwing™ QRU100 Platform, Qualcomm Dragonwing™ X100 Accelerator Card, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, QXM1083, QXM1086, QXM1093, QXM1094, QXM1095, QXM1096, Robotics RB5 Platform, SA510M, SA6155P, SA7255P, SA7775P, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SAR1165P, SAR2130P, SC8380XP, SD662, SD865 5G, SDR753, SDX81, SM4850, SM4850P, SM6225P, SM6450P, SM6475P, SM6475Q, SM6650P, SM6850, SM7435, SM7435P, SM7525, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, SM8735P, SM8750P, SM8845P, Smart Audio 400 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 7 Gen 4 Mobile Platform, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Elite Gen 5, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon AR1+ Gen 1 Platform, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon® Wear Elite platform, SRV1H, SRV1M, SW5100, SW5100P, SXR2230P, SXR2250P, SXR2330P, SXR2350P, Themisto, WCD9335, WCD9340, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3910, WCN3950, WCN3980, WCN3988, WCN6450, WCN6650, WCN6755, WCN7760, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, WSA8850, WSA8850W, WSA8855C, X1E80100, XRV7209, XRV9209 |
| Patch** |
CVE-2025-59609
| CVE ID | CVE-2025-59609 |
| Title | Buffer Over-read in WLAN Host Communication |
| Description | Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length. |
| Technology Area | WLAN Host Communication |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 5.5 |
| CVSS String | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L |
| Date Reported | 2023/08/05 |
| Customer Notified Date | 2025/12/01 |
| Affected Chipsets* | 5G Fixed Wireless Access Platform, AR8035, CSR8811, FastConnect 6700, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, FWA Gen 3 Ultra Platform, G3x Gen 2, Immersive Home 214 Platform, Immersive Home 216 Platform, Immersive Home 316 Platform, Immersive Home 318 Platform, Immersive Home 3210 Platform, Immersive Home 326 Platform, IPQ5010, IPQ5028, IPQ5300, IPQ5302, IPQ5312, IPQ5332, IPQ6000, IPQ6010, IPQ6018, IPQ8076, IPQ8078, IPQ9008, IPQ9554, IPQ9570, IPQ9574, IQ6 Series Platform, IQ8 Series Platform, IQ9 Series Platform, LeMans_AU_LGIT, LeMansAU, Marina, Milos, Monaco_IOT, Networking Pro 1200 Platform, Networking Pro 1210 Platform, Networking Pro 1610 Platform, Networking Pro 400 Platform, Networking Pro 600 Platform, Networking Pro 610 Platform, Networking Pro 800 Platform, Networking Pro 810 Platform, QAM8255P, QAM8295P, QAM8397P, QAM8797P, QAMSRV1H, QAMSRV1M, QCA0000, QCA4024, QCA6391, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6777AQ, QCA6787AQ, QCA6797AQ, QCA8075, QCA8080, QCA8081, QCA8082, QCA8084, QCA8085, QCA8101, QCA8337, QCA8384, QCA8385, QCA8386, QCA8695AU, QCA9888, QCA9889, QCC710, QCF8000, QCF8001, QCM5430, QCM6490, QCN5022, QCN5024, QCN5052, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5224, QCN6023, QCN6024, QCN6112, QCN6122, QCN6132, QCN6224, QCN6274, QCN6402, QCN6412, QCN6422, QCN6432, QCN9000, QCN9012, QCN9013, QCN9022, QCN9024, QCN9070, QCN9100, QCN9274, QCS8550, QFW7114, QFW7124, QRB5165N, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, Robotics RB5 Platform, SA6155P, SA7255P, SA7775P, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SAR2130P, SD865 5G, SDX65M, SM6650P, SM7525, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, Snapdragon 460 Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon X65 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SRV1H, SRV1M, SW-only, SXR2230P, SXR2250P, WCD9340, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3950, WCN3988, WCN6650, WCN6755, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
| Patch** |
CVE-2025-59610
| CVE ID | CVE-2025-59610 |
| Title | Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver |
| Description | Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer. |
| Technology Area | Camera Driver |
| Vulnerability Type | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 6.4 |
| CVSS String | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2025/06/25 |
| Customer Notified Date | 2025/12/01 |
| Affected Chipsets* | Snapdragon G1 Gen 2 Gaming Platform, 5G Fixed Wireless Access Platform, C-V2X 9150, CQ7790, CQ8725S, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, FSM100 Platform, G1 Gen 1, G2 Gen 1, G3x Gen 2, IQ6 Series Platform, IQ8 Series Platform, IQ9 Series Platform, Kalpeni, LeMans_AU_LGIT, LeMansAU, Milos, Milos_IOT, Molokai, Monaco_IOT, Netrani, Orne, Palawan25, Pandeiro, QAM8255P, QAM8295P, QAM8397P, QAM8797P, QAMSRV1H, QAMSRV1M, QCA6391, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8695AU, QCM2290, QCM4325, QCM4490, QCM5430, QCM6490, QCM8838, QCN9011, QCN9012, QCS2290, QCS4290, QCS4490, QCS6690, QCS8550, QLN1083BD, QLN1086BD, QMB415, QMB715, QMP1000, QMP2001, QPA1083BD, QPA1086BD, QRB5165M, QRB5165N, Qualcomm 215 Mobile Platform, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, QXM1083, QXM1086, QXM1093, QXM1094, QXM1095, QXM1096, Robotics RB2 Platform, Robotics RB5 Platform, SA2150P, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SAR1165P, SAR2130P, SC8380XP, SD 8 Gen1 5G, SD662, SD865 5G, SDA660, SDM429W, SDR753, SM4850, SM4850P, SM6225P, SM6450P, SM6475P, SM6475Q, SM6650P, SM6850, SM7325P, SM7435, SM7435P, SM7525, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8475P, SM8550P, SM8635, SM8635P, SM8650Q, SM8735P, SM8750P, SM8845P, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 429 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 7 Gen 1 Mobile Platform, Snapdragon 7 Gen 4 Mobile Platform, Snapdragon 7+ Gen 2 Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform, Snapdragon 782G Mobile Platform, Snapdragon 7c+ Gen 3 Compute, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Elite Gen 5, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform, Snapdragon 870 5G Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon AR1+ Gen 1 Platform, Snapdragon Auto 5G Modem-RF, Snapdragon X53 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon Auto 4G Modem, Snapdragon® Wear Elite platform, SRV1H, SRV1M, SW5100, SW5100P, SXR2230P, SXR2250P, SXR2330P, SXR2350P, Themisto, Vision Intelligence 400 Platform, WCD9326, WCD9335, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN6450, WCN6650, WCN6755, WCN7760, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, WSA8850, WSA8850W, WSA8855C, XRV7209, XRV9209 |
| Patch** |
* The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.
** Data is generated only at the time of bulletin creation
Industry Coordination
Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:
- Consideration of security protections such as SELinux not enforced on some platforms
- Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel
All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.
Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.
This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.
Qualcomm Technologies, Inc.
San Diego, CA 92121
U.S.A.
© 2022 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.
- Table of Contents
- Announcements
- Acknowledgements
- Proprietary Software Issues
- CVE-2026-25276
- CVE-2026-25277
- CVE-2025-59604
- CVE-2025-59605
- CVE-2025-59606
- CVE-2026-25258
- CVE-2026-25259
- CVE-2026-25260
- CVE-2026-25264
- CVE-2026-25265
- CVE-2025-59601
- CVE-2025-59611
- CVE-2025-59612
- CVE-2025-59613
- CVE-2025-59614
- Open Source Software Issues
- CVE-2026-24085
- CVE-2026-24087
- CVE-2026-24088
- CVE-2026-24089
- CVE-2026-24090
- CVE-2026-24091
- CVE-2026-24092
- CVE-2025-59609
- CVE-2025-59610
- Industry Coordination
