Primary

Context

Qualcomm Products Buffer Over-read Vulnerability in WLAN Host Communication

Vulnerability

A buffer over-read vulnerability has been identified in various chipsets used in Qualcomm products. This vulnerability can lead to a transient denial-of-service condition by causing a device to reset during a video call, due to the receipt of a non-conforming RTCP packet that does not adhere to RFC standards. The issue arises while parsing extended information elements in beacons, particularly in the context of WLAN host communication.

Impact

Exploitation of this vulnerability can cause a temporary denial-of-service condition, where the device resets and disrupts ongoing activities, such as a video call.

Remediation

Qualcomm has released patches for this vulnerability, which can be applied by device manufacturers. Instructions for applying the patch are available in the Qualcomm April 2025 Security Bulletin.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Qualcomm Products Buffer Over-read Vulnerability in WLAN Host Communication

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating