Tracking 4516 chipset vulnerabilities across 6866 different smartphone models.

What is this about?

Every smartphone contains a chipset, enabling functionality such as calls, data connectivity, Bluetooth and WiFi communication, digital image processing and more. Detecting and addressing chipset vulnerabilities is crucial for optimal smartphone security. However, information on these vulnerabilities is scattered across chipset manufacturers' websites, AOSP's Security Bulletins, and OEM websites. Our website consolidates this data for a unified and accessible view.

Vulnerabilities

Explore trends

4516

+36 in March 2026

Monthly amount of published vulnerabilities

Phone models

Show all

6866

Chipsets

Show all

637

each affected by 110 vulnerabilities (avg.)

Updates

Explore timeline

21184

+179 in March 2026

Phone model	Code name	Updated in
Samsung Galaxy A22 5G	SM-A226B	April 2026
Samsung Galaxy S23 Ultra	SM-S918B	April 2026
Samsung Galaxy S23 Ultra	SM-S918B	April 2026
Samsung Galaxy A22 5G	SM-A226B	April 2026
Samsung Galaxy S23	SM-S911B	April 2026
Samsung Galaxy S23 Ultra	SM-S918B	April 2026
Samsung Galaxy A14 5G	SM-A146U1	April 2026
Samsung Galaxy S23 Ultra	SM-S918U	April 2026
Samsung Galaxy S23	SM-S911U	April 2026
Samsung Galaxy A32 5G	SM-A326B	April 2026
Samsung Galaxy S23+	SM-S916U	April 2026
Samsung Galaxy A32 5G	SM-A326B	April 2026
Samsung Galaxy A22 5G	SM-A226BR	April 2026
Samsung Galaxy S23 Ultra	SM-S918U1	April 2026
Samsung Galaxy S23	SM-S911U1	April 2026
Samsung Galaxy S23+	SM-S916U1	April 2026
Samsung Galaxy S23 FE	SM-S711U	April 2026
Samsung Galaxy Z Flip5	SM-F731U	April 2026
Samsung Galaxy Z Fold5	SM-F946U	April 2026
Samsung Galaxy S23 FE	SM-S711U1	April 2026
Samsung Galaxy S23 FE	SM-S711B	April 2026
Samsung Galaxy Xcover 5	SM-G525F	March 2026
Samsung Galaxy S24+	SM-S926U	March 2026
Samsung Galaxy S24	SM-S921U	March 2026
Samsung Galaxy A53 5G	SM-A536U1	March 2026
Samsung Galaxy S23	SM-S911B	March 2026
Samsung Galaxy Z Fold5	SM-F946B	March 2026
Samsung Galaxy Xcover 5	SM-G525F	March 2026
Samsung Galaxy S23 Ultra	SM-S918B	March 2026
Samsung Galaxy A54	SM-A546U1	March 2026
And 21154 more...

The big picture.

Our data provides a holistic overview on each phase of the vulnerability lifecycle.

Vulnerability Introduction

Each new chipset release brings exciting features, yet often inherits vulnerabilities from previous generations.

In each new chipset generation...

93 %

of all vulnerabilities are inherhited from previous chipset generations

of all vulnerabilities occur in this chipset generation for the first time

Vulnerability Discovery

Vulnerabilities are either found internally by chipset manufacturers, or by external researchers.

Since 2018, external researchers have found 53% of all published chipset vulnerabilities.

Yearly ratio of published vulnerabilities discovered by external researchers.

The relative amount of externally discovered vulnerabilities differs between chipset manufacturers.

Ratio of published vulnerabilities discovered by external researchers during the past two years, broken down by manufacturer. A lower bar implies that a chipset manufacturer was able to find more vulnerabilities internally.

Ratio of vulnerabilities discovered by chipset manufacturers
Manufacturer	2024	2025
MediaTek	39%	67%
SAMSUNG LSI	0%	100%
Qualcomm	53%	54%
UNISOC	2%	100%

Patch Development

Once a vulnerability is discovered, the affected chipsets' manufacturer assesses its severity, develops a patch and publishes vulnerability information in the form of a CVE and a bulletin on their website as well as the AOSP.

Severity assessmentAre firmware vulnerabilities more severe?

Firmware

7.8

Median CVSS score of firmware running on chipset co-processors.

Drivers

7.0

Median CVSS score of drivers for chipset functionality.

Time to patch availabilityHow long does it take chipset manufacturers to develop a mitigating patch?

For vulnerabilities published in 2025, it took chipset manufacturers on average 158 days to provide a patch to OEMs, after they have been informed of a vulnerability. This is 3% faster than in 2024.

Based on data provided on the websites of Qualcomm and Samsung.

Update deployment

Time frame from public disclosure to updateUpdates are available for half of all device models within 72 days after a vulnerability is announced.

Time frame from first available updateHalf of all device models have received an update 34 days after the first model affected by that vulnerability.

For researchers.

Our data set aids researchers in tracking vulnerability trends, offering aggregated monthly discovery numbers. This helps focus research efforts on underrepresented or highly vulnerable areas. Additionally, it assesses individual research impact by offering per vulnerability information on impacted chipsets and devices.

Next steps:

Find devices affected by a vulnerability Explore trends in vulnerability discovery Measure the vulnerability lifecycle

Furthermore, evaluating novel vulnerability discovery techniques warrants a representative set of devices to empirically test the success of said techniques. Many chipsets share the same vulnerabilities through code re-use. Manually testing chipsets affected by mostly overlapping sets of vulnerabilities is time consuming, unnecessarily expensive and thus inefficient. Our device picker helps select a variety of devices with chipsets that share fewer vulnerabilities, increasing the likelihood of testing novel implementations rather than re-used ones.

Next step:

Sample evaluation devices