Primary

Context

Qualcomm Audio Buffer Over-read Vulnerability Allowing Information Disclosure

Vulnerability

A buffer over-read vulnerability has been identified in the audio component of certain Qualcomm chipsets. This vulnerability allows for information disclosure by invoking the callback function of the sound model driver from the Audio Digital Signal Processor (ADSP). The issue arises for every valid opcode received from the sound model driver, leading to the unintentional exposure of sensitive information.

Impact

Exploitation of this vulnerability can result in a buffer over-read, causing information disclosure.

Remediation

Qualcomm has released patches for this vulnerability. Instructions for applying the patch can be found in the Qualcomm January 2025 Security Bulletin.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Qualcomm Audio Buffer Over-read Vulnerability Allowing Information Disclosure

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating