Tracking 4429 chipset vulnerabilities across 6866 different smartphone models.

What is this about?

Every smartphone contains a chipset, enabling functionality such as calls, data connectivity, Bluetooth and WiFi communication, digital image processing and more. Detecting and addressing chipset vulnerabilities is crucial for optimal smartphone security. However, information on these vulnerabilities is scattered across chipset manufacturers' websites, AOSP's Security Bulletins, and OEM websites. Our website consolidates this data for a unified and accessible view.

Vulnerabilities

Explore trends
4429
+41 in December 2025
Monthly amount of published vulnerabilities

Phone models

Show all
6866

Chipsets

Show all
637
each affected by 108 vulnerabilities (avg.)

Updates

Explore timeline
20637
+185 in December 2025
Phone modelCode nameUpdated in
Samsung Galaxy A55SM-A556EJanuary 2026
Samsung Galaxy A55SM-A556EJanuary 2026
Samsung Galaxy Tab A9+SM-X210January 2026
Samsung Galaxy A23 5GSM-A236EJanuary 2026
Samsung Galaxy A55SM-A556EJanuary 2026
Samsung Galaxy A23SM-A235FJanuary 2026
Samsung Galaxy Xcover6 ProSM-G736BJanuary 2026
Samsung Galaxy Tab A9+SM-X216BJanuary 2026
Samsung Galaxy A34SM-A346EJanuary 2026
Samsung Galaxy A13SM-A135U1January 2026
Samsung Galaxy Tab A9+SM-X216BJanuary 2026
Samsung Galaxy A34SM-A346MJanuary 2026
Samsung Galaxy M55SM-M556BJanuary 2026
Samsung Galaxy A15 5GSM-A156U1January 2026
Samsung Galaxy A04sSM-A047FDecember 2025
Samsung Galaxy Tab A9SM-X110December 2025
Samsung Galaxy Tab A9SM-X115December 2025
Samsung Galaxy M34 5GSM-M346BDecember 2025
Samsung Galaxy Tab A9+SM-X210December 2025
Samsung Galaxy A05SM-A055MDecember 2025
Samsung Galaxy A33 5GSM-A336EDecember 2025
Samsung Galaxy Xcover 5SM-G525FDecember 2025
Samsung Galaxy Xcover 5SM-G525FDecember 2025
Samsung Galaxy A04sSM-A047FDecember 2025
Samsung Galaxy Xcover 5SM-G525FDecember 2025
Samsung Galaxy A04sSM-A047FDecember 2025
Samsung Galaxy A15 5GSM-A156EDecember 2025
Samsung Galaxy A54SM-A546EDecember 2025
Samsung Galaxy Tab A9SM-X115December 2025
Samsung Galaxy A05SM-A055FDecember 2025
And 20607 more...

The big picture.

Our data provides a holistic overview on each phase of the vulnerability lifecycle.

Vulnerability Introduction

Each new chipset release brings exciting features, yet often inherits vulnerabilities from previous generations.

In each new chipset generation...

93 %
of all vulnerabilities are inherhited from previous chipset generations
7%
of all vulnerabilities occur in this chipset generation for the first time

Vulnerability Discovery

Vulnerabilities are either found internally by chipset manufacturers, or by external researchers.

Since 2018, external researchers have found 53% of all published chipset vulnerabilities.

Yearly ratio of published vulnerabilities discovered by external researchers.

The relative amount of externally discovered vulnerabilities differs between chipset manufacturers.

Ratio of published vulnerabilities discovered by external researchers during the past two years, broken down by manufacturer. A lower bar implies that a chipset manufacturer was able to find more vulnerabilities internally.
Ratio of vulnerabilities discovered by chipset manufacturers
Manufacturer20242025
MediaTek39%67%
SAMSUNG LSI0%100%
Qualcomm53%55%
UNISOC2%100%

Patch Development

Once a vulnerability is discovered, the affected chipsets' manufacturer assesses its severity, develops a patch and publishes vulnerability information in the form of a CVE and a bulletin on their website as well as the AOSP.

Severity assessmentAre firmware vulnerabilities more severe?

Firmware

7.8
Median CVSS score of firmware running on chipset co-processors.

Drivers

7.0
Median CVSS score of drivers for chipset functionality.
Time to patch availabilityHow long does it take chipset manufacturers to develop a mitigating patch?

For vulnerabilities published in 2025, it took chipset manufacturers on average 157 days to provide a patch to OEMs, after they have been informed of a vulnerability. This is 3% faster than in 2024.

Based on data provided on the websites of Qualcomm and Samsung.

Update deployment

Time frame from public disclosure to updateUpdates are available for half of all device models within 72 days after a vulnerability is announced.
Time frame from first available updateHalf of all device models have received an update 34 days after the first model affected by that vulnerability.

For researchers.

Our data set aids researchers in tracking vulnerability trends, offering aggregated monthly discovery numbers. This helps focus research efforts on underrepresented or highly vulnerable areas. Additionally, it assesses individual research impact by offering per vulnerability information on impacted chipsets and devices.

Next steps:
Find devices affected by a vulnerabilityExplore trends in vulnerability discoveryMeasure the vulnerability lifecycle

Furthermore, evaluating novel vulnerability discovery techniques warrants a representative set of devices to empirically test the success of said techniques. Many chipsets share the same vulnerabilities through code re-use. Manually testing chipsets affected by mostly overlapping sets of vulnerabilities is time consuming, unnecessarily expensive and thus inefficient. Our device picker helps select a variety of devices with chipsets that share fewer vulnerabilities, increasing the likelihood of testing novel implementations rather than re-used ones.

Next step:
Sample evaluation devices
For more information and a detailed analysis of the data presented on this website, please see our paper, to be presented at NDSS'25.
Follow us on Twitter
Contact usData privacy policyImprint