Primary

Context

Qualcomm WLAN Host Buffer Over-read Vulnerability Allowing Memory Corruption

Vulnerability

A buffer over-read vulnerability has been identified in the WLAN Host component of Qualcomm chipsets. This vulnerability occurs when a Station (STA) connects to an Access Point (AP) and the AP initiates an ADD TS request to establish a TSpec session. The vulnerability leads to memory corruption by improperly handling the timing and size of the data being processed, which can cause a device to reset during a video call, disrupting the connection.

Impact

Exploitation of this vulnerability causes memory corruption, which can lead to a denial-of-service condition by causing the device to reset unexpectedly.

Reproduction

To reproduce this vulnerability, connect a device with the affected chipset to an Access Point (AP) that initiates an ADD TS request. This can be done by using a device that supports the IEEE 802.11 EHT (Extremely High Throughput) standard, which is capable of sending such requests. Once the ADD TS request is received, the device will process the request, leading to a buffer over-read and memory corruption.

Remediation

Qualcomm has released patches for this vulnerability. Instructions for applying the patch can be found in the Qualcomm April 2025 Security Bulletin.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Affected Products

Qualcomm FastConnect 6200

0 remedies

cpe:2.3:h:qualcomm:fastconnect_6200:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm FastConnect 6700

0 remedies

cpe:2.3:h:qualcomm:fastconnect_6700:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm FastConnect 6800

0 remedies

cpe:2.3:h:qualcomm:fastconnect_6800:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm FastConnect 6900

0 remedies

cpe:2.3:h:qualcomm:fastconnect_6900:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm FastConnect 7800

0 remedies

cpe:2.3:h:qualcomm:fastconnect_7800:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QAM8255P

0 remedies

cpe:2.3:h:qualcomm:qam8255p:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QAM8295P

0 remedies

cpe:2.3:h:qualcomm:qam8295p:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QAM8620P

0 remedies

cpe:2.3:h:qualcomm:qam8620p:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QAM8650P

0 remedies

cpe:2.3:h:qualcomm:qam8650p:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QAM8775P

0 remedies

cpe:2.3:h:qualcomm:qam8775p:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QAMSRV1H

0 remedies

cpe:2.3:h:qualcomm:qamsrv1h:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QAMSRV1M

0 remedies

cpe:2.3:h:qualcomm:qamsrv1m:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6174A

0 remedies

cpe:2.3:h:qualcomm:qca6174:*:*:*:*:*:*:*, +3 more

0 remedies

Qualcomm QCA6391

0 remedies

cpe:2.3:h:qualcomm:qca6391:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6420

0 remedies

cpe:2.3:h:qualcomm:qca6420:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6421

0 remedies

cpe:2.3:h:qualcomm:qca6421:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6426

0 remedies

cpe:2.3:h:qualcomm:qca6426:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6430

0 remedies

cpe:2.3:h:qualcomm:qca6430:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6431

0 remedies

cpe:2.3:h:qualcomm:qca6431:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6436

0 remedies

cpe:2.3:h:qualcomm:qca6436:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6574

0 remedies

cpe:2.3:h:qualcomm:qca6574:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6574A

0 remedies

cpe:2.3:h:qualcomm:qca6574a:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6574AU

0 remedies

cpe:2.3:h:qualcomm:qca6574au:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6584AU

0 remedies

cpe:2.3:h:qualcomm:qca6584au:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6595

0 remedies

cpe:2.3:h:qualcomm:qca6595:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6595AU

0 remedies

cpe:2.3:h:qualcomm:qca6595au:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6678AQ

0 remedies

cpe:2.3:h:qualcomm:qca6678aq:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6688AQ

0 remedies

cpe:2.3:h:qualcomm:qca6688aq:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6696

0 remedies

cpe:2.3:h:qualcomm:qca6696:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6698AQ

0 remedies

cpe:2.3:h:qualcomm:qca6698aq:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA6797AQ

0 remedies

cpe:2.3:h:qualcomm:qca6797aq:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA8081

0 remedies

cpe:2.3:h:qualcomm:qca8081:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCA8337

0 remedies

cpe:2.3:h:qualcomm:qca8337:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCC710

0 remedies

cpe:2.3:h:qualcomm:qcc710:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCM2290

0 remedies

cpe:2.3:h:qualcomm:qcm2290:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCM4290

0 remedies

cpe:2.3:h:qualcomm:qcm4290:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCM4325

0 remedies

cpe:2.3:h:qualcomm:qcm4325:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCM4490

0 remedies

cpe:2.3:h:qualcomm:qcm4490:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCM5430

0 remedies

cpe:2.3:h:qualcomm:qcm5430:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCM6125

0 remedies

cpe:2.3:h:qualcomm:qcm6125:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCM6490

0 remedies

cpe:2.3:h:qualcomm:qcm6490:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCM8550

0 remedies

cpe:2.3:h:qualcomm:qcm8550:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCN6024

0 remedies

cpe:2.3:h:qualcomm:qcn6024:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCN6224

0 remedies

cpe:2.3:h:qualcomm:qcn6224:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCN6274

0 remedies

cpe:2.3:h:qualcomm:qcn6274:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCN7606

0 remedies

cpe:2.3:h:qualcomm:qcn7606:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCN9011

0 remedies

cpe:2.3:h:qualcomm:qcn9011:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCN9012

0 remedies

cpe:2.3:h:qualcomm:qcn9012:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCN9024

0 remedies

cpe:2.3:h:qualcomm:qcn9024:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCN9274

0 remedies

cpe:2.3:h:qualcomm:qcn9274:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCS2290

0 remedies

cpe:2.3:h:qualcomm:qcs2290:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCS4290

0 remedies

cpe:2.3:h:qualcomm:qcs4290:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCS4490

0 remedies

cpe:2.3:h:qualcomm:qcs4490:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCS5430

0 remedies

cpe:2.3:h:qualcomm:qcs5430:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCS6490

0 remedies

cpe:2.3:h:qualcomm:qcs6490:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCS7230

0 remedies

cpe:2.3:h:qualcomm:qcs7230:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCS8250

0 remedies

cpe:2.3:h:qualcomm:qcs8250:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCS8300

0 remedies

cpe:2.3:h:qualcomm:qcs8300:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCS8550

0 remedies

cpe:2.3:h:qualcomm:qcs8550:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QCS9100

0 remedies

cpe:2.3:h:qualcomm:qcs9100:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QDU1000

0 remedies

cpe:2.3:h:qualcomm:qdu1000:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QDU1010

0 remedies

cpe:2.3:h:qualcomm:qdu1010:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QDU1110

0 remedies

cpe:2.3:h:qualcomm:qdu1110:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QDU1210

0 remedies

cpe:2.3:h:qualcomm:qdu1210:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QDX1010

0 remedies

cpe:2.3:h:qualcomm:qdx1010:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QDX1011

0 remedies

cpe:2.3:h:qualcomm:qdx1011:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QEP8111

0 remedies

cpe:2.3:h:qualcomm:qep8111:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QFW7114

0 remedies

cpe:2.3:h:qualcomm:qfw7114:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm QFW7124

0 remedies

cpe:2.3:h:qualcomm:qfw7124:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SD 8 Gen1 5G

0 remedies

cpe:2.3:h:qualcomm:sd_8_gen1_5g:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SD670

0 remedies

cpe:2.3:h:qualcomm:sd670:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SD730

0 remedies

cpe:2.3:h:qualcomm:sd730:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SD855

0 remedies

cpe:2.3:h:qualcomm:sd855:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SD865 5G

0 remedies

cpe:2.3:h:qualcomm:sd865_5g:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SD888

0 remedies

cpe:2.3:h:qualcomm:sd888:*:*:*:*:*:*:*, +5 more

0 remedies

Qualcomm SDX61

0 remedies

cpe:2.3:h:qualcomm:sdx61:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SG4150P

0 remedies

cpe:2.3:h:qualcomm:sg4150p:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SG8275P

0 remedies

cpe:2.3:h:qualcomm:sg8275p:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SM4125

0 remedies

cpe:2.3:h:qualcomm:sm4125:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SM4635

0 remedies

cpe:2.3:h:qualcomm:sm4635:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SM6250

0 remedies

cpe:2.3:h:qualcomm:sm6250:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SM6370

0 remedies

cpe:2.3:h:qualcomm:sm6370:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SM6650

0 remedies

cpe:2.3:h:qualcomm:sm6650:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SM7250P

0 remedies

cpe:2.3:h:qualcomm:sm7250p:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SM7315

0 remedies

cpe:2.3:h:qualcomm:sm7315:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SM7325P

0 remedies

cpe:2.3:h:qualcomm:sm7325p:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SM7635

0 remedies

cpe:2.3:h:qualcomm:sm7635:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SM7675

0 remedies

cpe:2.3:h:qualcomm:sm7675:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SM7675P

0 remedies

cpe:2.3:h:qualcomm:sm7675p:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SM8550P

0 remedies

cpe:2.3:h:qualcomm:sm8550p:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SM8635

0 remedies

cpe:2.3:h:qualcomm:sm8635:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SM8635P

0 remedies

cpe:2.3:h:qualcomm:sm8635p:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SM8650Q

0 remedies

cpe:2.3:o:qualcomm:sm8650q_firmware:*:*:*:*:*:*:*

0 remedies

Qualcomm SM8735

0 remedies

Qualcomm SM8750

0 remedies

cpe:2.3:h:qualcomm:sm8750:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm SM8750P

0 remedies

cpe:2.3:h:qualcomm:sm8750p:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm Snapdragon 4 Gen 1 Mobile Platform

0 remedies

cpe:2.3:h:qualcomm:snapdragon_4_gen_1_mobile:*:*:*:*:*:*:*, +3 more

0 remedies

Qualcomm Snapdragon 4 Gen 2 Mobile Platform

0 remedies

cpe:2.3:h:qualcomm:snapdragon_4_gen_2_mobile:*:*:*:*:*:*:*, +3 more

0 remedies

Qualcomm Snapdragon 8 Gen 1 Mobile Platform

0 remedies

cpe:2.3:h:qualcomm:snapdragon_8_gen_1_mobile_platform:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm Snapdragon 8 Gen 2 Mobile Platform

0 remedies

cpe:2.3:h:qualcomm:snapdragon_8_gen_2_mobile_platform:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm Snapdragon 8+ Gen 1 Mobile Platform

0 remedies

cpe:2.3:h:qualcomm:snapdragon_8+_gen_1_mobile_platform:*:*:*:*:*:*:*, +1 more

0 remedies

Qualcomm Snapdragon 8cx Gen 3 Compute Platform

0 remedies

cpe:2.3:h:qualcomm:snapdragon_8cx_gen_3_compute_platform:*:*:*:*:*:*:*, +1 more

0 remedies

Vulnerability Rating

Custom Algorithm

spread

8.1

impact

2.5

exploitability

7.3

remediation

0.0

relevance

0.0

threat

1.6

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.1

impact

2.5

exploitability

7.3

remediation

0.0

relevance

0.0

threat

1.6

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.