Primary

Context

Qualcomm Snapdragon Products Buffer Over-Read Vulnerability in WLAN Firmware Allowing Denial-of-Service

Vulnerability

A buffer over-read vulnerability has been identified in the WLAN firmware of various chipsets used in Qualcomm Snapdragon products. This vulnerability can lead to a transient denial-of-service condition by causing memory corruption when the firmware processes vendor-specific information elements in WLAN frames, particularly for BTM requests. The issue arises from improper handling of length fields, which can create inconsistencies in how data is read and processed, potentially leading to memory being accessed out of bounds.

Impact

Exploitation of this vulnerability can cause a temporary denial-of-service condition by disrupting normal WLAN operations, such as processing beacon frames or handling BTM requests, which can lead to increased latency or dropped connections.

Remediation

Qualcomm has released patches for this vulnerability, which can be applied by device manufacturers. Instructions for applying the patch are available in the Qualcomm July 2025 Security Bulletin.

Added: Jul 8, 2025, 2:46 PM

Updated: Jul 8, 2025, 2:46 PM

Affected Products

Qualcomm AQT1000

0 remedies

cpe:2.3:h:qualcomm:aqt1000:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm FastConnect 6200

0 remedies

cpe:2.3:h:qualcomm:fastconnect_6200:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm FastConnect 6700

0 remedies

cpe:2.3:h:qualcomm:fastconnect_6700:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm FastConnect 6800

0 remedies

cpe:2.3:h:qualcomm:fastconnect_6800:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm FastConnect 6900

0 remedies

cpe:2.3:h:qualcomm:fastconnect_6900:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm FastConnect 7800

0 remedies

cpe:2.3:o:qualcomm:fastconnect_7800_firmware:*:*:*:*:*:*:*

0 remedies

Qualcomm QCA6391

0 remedies

cpe:2.3:h:qualcomm:qca6391:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm QCA6420

0 remedies

cpe:2.3:h:qualcomm:qca6420:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm QCA6430

0 remedies

cpe:2.3:h:qualcomm:qca6430:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm QCM5430

0 remedies

cpe:2.3:h:qualcomm:qcm5430:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm QCM6490

0 remedies

cpe:2.3:h:qualcomm:qcm6490:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm QCS5430

0 remedies

cpe:2.3:h:qualcomm:qcs5430:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm QCS6490

0 remedies

cpe:2.3:h:qualcomm:qcs6490:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm Video Collaboration VC3

0 remedies

cpe:2.3:h:qualcomm:qualcomm_video_collaboration_vc3:*:*:*:*:*:*:*, +6 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm WCD9340

0 remedies

cpe:2.3:h:qualcomm:wcd9340:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm WCD9341

0 remedies

cpe:2.3:h:qualcomm:wcd9341:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm WCD9370

0 remedies

cpe:2.3:h:qualcomm:wcd9370:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm WCD9375

0 remedies

cpe:2.3:h:qualcomm:wcd9375:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm WCD9380

0 remedies

cpe:2.3:h:qualcomm:wcd9380:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm WCD9385

0 remedies

cpe:2.3:h:qualcomm:wcd9385:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm WSA8810

0 remedies

cpe:2.3:h:qualcomm:wsa8810:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm WSA8815

0 remedies

cpe:2.3:h:qualcomm:wsa8815:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm WSA8830

0 remedies

cpe:2.3:h:qualcomm:wsa8830:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm WSA8835

0 remedies

cpe:2.3:h:qualcomm:wsa8835:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm WSA8840

0 remedies

cpe:2.3:h:qualcomm:wsa8840:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm WSA8845

0 remedies

cpe:2.3:h:qualcomm:wsa8845:*:*:*:*:*:*:*, +1 more

0 remedies

>= 1.0, < 1.0.0.1

Qualcomm WSA8845H

0 remedies

cpe:2.3:h:qualcomm:wsa8845h:*:*:*:*:*:*:*, +1 more

0 remedies

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

3.3

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

3.3

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Qualcomm Snapdragon Products Buffer Over-Read Vulnerability in WLAN Firmware Allowing Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

Qualcomm AQT1000

Qualcomm FastConnect 6200

Qualcomm FastConnect 6700

Qualcomm FastConnect 6800

Qualcomm FastConnect 6900

Qualcomm FastConnect 7800

Qualcomm QCA6391

Qualcomm QCA6420

Qualcomm QCA6430

Qualcomm QCM5430

Qualcomm QCM6490

Qualcomm QCS5430

Qualcomm QCS6490

Qualcomm Video Collaboration VC3

Qualcomm WCD9340

Qualcomm WCD9341

Qualcomm WCD9370

Qualcomm WCD9375

Qualcomm WCD9380

Qualcomm WCD9385

Qualcomm WSA8810

Qualcomm WSA8815

Qualcomm WSA8830

Qualcomm WSA8835

Qualcomm WSA8840

Qualcomm WSA8845

Qualcomm WSA8845H

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating