Tracking 4325 chipset vulnerabilities across 6866 different smartphone models.

What is this about?

Every smartphone contains a chipset, enabling functionality such as calls, data connectivity, Bluetooth and WiFi communication, digital image processing and more. Detecting and addressing chipset vulnerabilities is crucial for optimal smartphone security. However, information on these vulnerabilities is scattered across chipset manufacturers' websites, AOSP's Security Bulletins, and OEM websites. Our website consolidates this data for a unified and accessible view.

Vulnerabilities

Explore trends
4325
+35 in October 2025
Monthly amount of published vulnerabilities

Phone models

Show all
6866

Chipsets

Show all
637
each affected by 106 vulnerabilities (avg.)

Updates

Explore timeline
20251
+164 in October 2025
Phone modelCode nameUpdated in
Samsung Galaxy S21 FE 5GSM-G990ENovember 2025
Samsung Galaxy Tab S9 FE+SM-X616BNovember 2025
Samsung Galaxy S21 FE 5GSM-G990B2November 2025
Samsung Galaxy Tab S9 FE+SM-X616BNovember 2025
Samsung Galaxy S21 FE 5GSM-G990BNovember 2025
Samsung Galaxy A54SM-A546U1November 2025
Samsung Galaxy Tab S9 FESM-X516BNovember 2025
Samsung Galaxy Tab S9 FESM-X516BNovember 2025
Samsung Galaxy A55SM-A556ENovember 2025
Samsung Galaxy A35SM-A356ENovember 2025
Samsung Galaxy A54SM-A546ENovember 2025
Samsung Galaxy Z Fold5SM-F946BNovember 2025
Samsung Galaxy S24 UltraSM-S928BNovember 2025
Samsung Galaxy S24+SM-S926BNovember 2025
Samsung Galaxy Xcover6 ProSM-G736BNovember 2025
Samsung Galaxy S24SM-S921BNovember 2025
Samsung Galaxy Z Flip5SM-F731BNovember 2025
Samsung Galaxy A04eSM-A042FNovember 2025
Samsung Galaxy A03SM-A035MNovember 2025
Samsung Galaxy S23 UltraSM-S918BNovember 2025
Samsung Galaxy M55SM-M556BNovember 2025
Samsung Galaxy A15 5GSM-A156U1November 2025
Samsung Galaxy A14SM-A145FNovember 2025
Samsung Galaxy S23+SM-S916BNovember 2025
Samsung Galaxy S23SM-S911BNovember 2025
Samsung Galaxy A14SM-A145FNovember 2025
Samsung Galaxy S21 FE 5GSM-G990BNovember 2025
Samsung Galaxy S21 FE 5GSM-G990B2November 2025
Samsung Galaxy S22 Ultra 5GSM-S908U1November 2025
Samsung Galaxy S22+ 5GSM-S906U1November 2025
And 20221 more...

The big picture.

Our data provides a holistic overview on each phase of the vulnerability lifecycle.

Vulnerability Introduction

Each new chipset release brings exciting features, yet often inherits vulnerabilities from previous generations.

In each new chipset generation...

93 %
of all vulnerabilities are inherhited from previous chipset generations
7%
of all vulnerabilities occur in this chipset generation for the first time

Vulnerability Discovery

Vulnerabilities are either found internally by chipset manufacturers, or by external researchers.

Since 2018, external researchers have found 55% of all published chipset vulnerabilities.

Yearly ratio of published vulnerabilities discovered by external researchers.

The relative amount of externally discovered vulnerabilities differs between chipset manufacturers.

Ratio of published vulnerabilities discovered by external researchers during the past two years, broken down by manufacturer. A lower bar implies that a chipset manufacturer was able to find more vulnerabilities internally.
Ratio of vulnerabilities discovered by chipset manufacturers
Manufacturer20232024
MediaTek10%39%
SAMSUNG LSI60%0%
Qualcomm57%53%
UNISOC7%2%

Patch Development

Once a vulnerability is discovered, the affected chipsets' manufacturer assesses its severity, develops a patch and publishes vulnerability information in the form of a CVE and a bulletin on their website as well as the AOSP.

Severity assessmentAre firmware vulnerabilities more severe?

Firmware

7.8
Median CVSS score of firmware running on chipset co-processors.

Drivers

7.0
Median CVSS score of drivers for chipset functionality.
Time to patch availabilityHow long does it take chipset manufacturers to develop a mitigating patch?

For vulnerabilities published in 2024, it took chipset manufacturers on average 153 days to provide a patch to OEMs, after they have been informed of a vulnerability. This is 0% faster than in 2023.

Based on data provided on the websites of Qualcomm and Samsung.

Update deployment

Time frame from public disclosure to updateUpdates are available for half of all device models within 72 days after a vulnerability is announced.
Time frame from first available updateHalf of all device models have received an update 34 days after the first model affected by that vulnerability.

For researchers.

Our data set aids researchers in tracking vulnerability trends, offering aggregated monthly discovery numbers. This helps focus research efforts on underrepresented or highly vulnerable areas. Additionally, it assesses individual research impact by offering per vulnerability information on impacted chipsets and devices.

Next steps:
Find devices affected by a vulnerabilityExplore trends in vulnerability discoveryMeasure the vulnerability lifecycle

Furthermore, evaluating novel vulnerability discovery techniques warrants a representative set of devices to empirically test the success of said techniques. Many chipsets share the same vulnerabilities through code re-use. Manually testing chipsets affected by mostly overlapping sets of vulnerabilities is time consuming, unnecessarily expensive and thus inefficient. Our device picker helps select a variety of devices with chipsets that share fewer vulnerabilities, increasing the likelihood of testing novel implementations rather than re-used ones.

Next step:
Sample evaluation devices
For more information and a detailed analysis of the data presented on this website, please see our paper, to be presented at NDSS'25.
Follow us on Twitter
Contact usData privacy policyImprint