In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated.
Linux Kernel 6.x/5.15 LTS | Android 14/13
Vulnerability
CVE-2015-9064
NVD
Refer to CVE-2015-9064 NVD advisory