Primary

Context

Qualcomm Automotive OS Memory Corruption Vulnerability via Guest VM Interaction

Vulnerability

A memory corruption vulnerability has been identified in the Qualcomm Automotive Software platform based on QNX. This issue arises from improper input validation while reading data from a buffer controlled by the Guest Virtual Machine, potentially leading to memory corruption.

Impact

Exploitation of this vulnerability can cause memory corruption, which may be leveraged to execute arbitrary code or cause a denial-of-service condition.

Remediation

Qualcomm has notified customers about this vulnerability and is actively sharing patches. Instructions for applying the patch can be found in the Qualcomm March 2025 Security Bulletin.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Affected Products

Qualcomm QAM8255P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qam8255p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QAM8295P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qam8295p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QAM8620P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qam8620p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QAM8650P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qam8650p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QAM8775P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qam8775p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QAMSRV1H

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qamsrv1h:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QAMSRV1M

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qamsrv1m:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QCA6574AU

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qca6574au:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QCA6595

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qca6595:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QCA6595AU

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qca6595au:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QCA6688AQ

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qca6688aq:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QCA6696

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qca6696:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QCA6698AQ

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qca6698aq:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SA7255P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sa7255p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SA7775P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sa7775p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SA8255P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sa8255p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SA8295P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sa8295p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SA8540P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sa8540p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SA8620P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sa8620p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SA9000P

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sa9000p:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SRV1H

Moderate fix1 remedy

cpe:2.3:h:qualcomm:srv1h:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SRV1L

Moderate fix1 remedy

cpe:2.3:h:qualcomm:srv1l:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SRV1M

Moderate fix1 remedy

cpe:2.3:h:qualcomm:srv1m:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Vulnerability Rating

Custom Algorithm

spread

8.1

impact

2.5

exploitability

3.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.1

impact

2.5

exploitability

3.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Qualcomm Automotive OS Memory Corruption Vulnerability via Guest VM Interaction

Vulnerability

Impact

Remediation

Affected Products

Qualcomm QAM8255P

Qualcomm QAM8295P

Qualcomm QAM8620P

Qualcomm QAM8650P

Qualcomm QAM8775P

Qualcomm QAMSRV1H

Qualcomm QAMSRV1M

Qualcomm QCA6574AU

Qualcomm QCA6595

Qualcomm QCA6595AU

Qualcomm QCA6688AQ

Qualcomm QCA6696

Qualcomm QCA6698AQ

Qualcomm SA7255P

Qualcomm SA7775P

Qualcomm SA8255P

Qualcomm SA8295P

Qualcomm SA8540P

Qualcomm SA8620P

Qualcomm SA9000P

Qualcomm SRV1H

Qualcomm SRV1L

Qualcomm SRV1M

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating