Primary

Context

Qualcomm Products Memory Corruption Vulnerability via IOCTL Calls

Vulnerability

A use-after-free vulnerability has been identified in various chipsets of Qualcomm products, including those in the Automotive Software platform based on QNX, Windows WLAN Host, and several chipsets used in mobile and automotive applications. This vulnerability allows memory corruption by improperly managing DMA buffers during IOCTL operations, which could potentially be exploited to cause unauthorized memory access or manipulation.

Impact

Exploitation of this vulnerability leads to memory corruption, which can cause undefined behavior in the application, including potential arbitrary code execution or causing the system to crash.

Remediation

Qualcomm has released patches for this vulnerability. Instructions for applying the patch can be found in the January 2025 Qualcomm Security Bulletin.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Affected Products

Qualcomm FastConnect 6900

Moderate fix1 remedy

cpe:2.3:h:qualcomm:fastconnect_6900:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm FastConnect 7800

Moderate fix1 remedy

cpe:2.3:h:qualcomm:fastconnect_7800:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QAM8295P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qam8295p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QCA6574AU

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qca6574au:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QCA6696

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qca6696:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QCM8550

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qcm8550:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QCS6490

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qcs6490:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QCS8550

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qcs8550:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm Video Collaboration VC3 Platform

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qualcomm_video_collaboration_vc1_platform:*:*:*:*:*:*:*, +14 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SA6145P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sa6145p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SA6150P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sa6150p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SA6155P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SA8145P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sa8145p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SA8150P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sa8150p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SA8155P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sa8155p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SA8195P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sa8195p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SA8295P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sa8295p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SD 8 Gen1 5G

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sd_8_gen1_5g:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SG8275P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sg8275p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SM8550P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sm8550p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm Snapdragon 8 Gen 2 Mobile Platform

Moderate fix1 remedy

cpe:2.3:h:qualcomm:snapdragon_8_gen_2_mobile_platform:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm Snapdragon 8 Gen 3 Mobile Platform

Moderate fix1 remedy

cpe:2.3:h:qualcomm:snapdragon_8_gen_3_mobile_platform:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm Snapdragon 8+ Gen 2 Mobile Platform

Moderate fix1 remedy

cpe:2.3:h:qualcomm:snapdragon_8+_gen_2_mobile_platform:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SSG2115P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:ssg2115p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SSG2125P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:ssg2125p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SXR1230P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sxr1230p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm WCD9380

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wcd9380:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm WCD9385

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wcd9385:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm WCD9390

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wcd9390:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm WCD9395

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wcd9395:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm WSA8830

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wsa8830:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm WSA8832

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wsa8832:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm WSA8835

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wsa8835:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm WSA8840

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wsa8840:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm WSA8845

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wsa8845:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm WSA8845H

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wsa8845h:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.