I pointed this out in a comment a few days ago, but the era in handset design when basebands were unilaterally trusted is over. I believe modern Qualcomm basebands are firewalled off from the rest of the device using MMUs, they do not have the ability to do DMA and their firmware is significantly hardened using techniques like ASLR, stack canaries and even using a proprietary VLIW instruction set that is barely documented.

Handset makers and carriers all have strong financial incentives to harden the basebands against hacks because they don't want people unlocking their phones, which was often being done by exploiting bugs in basebands. Also, they need the airwaves to have integrity and mobile protocols are all based on the assumption of trusted endpoints that don't violate the rules. Now that DIY GSM base stations have become a reality, carriers face a nightmare scenario of someone running a buggy or malicoius "tower" that infects basebands of any phones that enters into range and starts them doing some kind of horrible attack against the carrier infrastructure. E.g. you can imagine an extortion attempt that works this way. It's in their best interests for their devices to behave predictably and be controlled only be themselves.