Primary

Context

Qualcomm Video Buffer Over-Read Vulnerability Allowing Information Disclosure

Vulnerability

A buffer over-read vulnerability has been identified in the video processing component of certain Qualcomm chipsets. This vulnerability allows for information disclosure when the video engine receives escape input data that is smaller than the expected minimum size. The issue arises from improper handling of input data, leading to a buffer over-read condition.

Impact

Exploitation of this vulnerability causes a buffer over-read, which can lead to information disclosure by allowing unauthorized access to data that should be protected.

Remediation

Qualcomm has notified device manufacturers about this vulnerability and provided patch instructions. For the latest information on the patching status, contact the device manufacturer.

Added: Sep 24, 2025, 5:07 PM

Updated: Sep 24, 2025, 8:02 PM

Affected Products

Qualcomm FastConnect 6700

Moderate fix1 remedy

cpe:2.3:h:qualcomm:fastconnect_6700:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm FastConnect 6900

Moderate fix1 remedy

cpe:2.3:h:qualcomm:fastconnect_6900:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm FastConnect 7800

Moderate fix1 remedy

cpe:2.3:h:qualcomm:fastconnect_7800:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm QCM5430

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qcm5430:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm QCM6490

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qcm6490:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm QCS5430

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qcs5430:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm QCS6490

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qcs6490:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm Video Collaboration VC3

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qualcomm_video_collaboration_vc3:*:*:*:*:*:*:*, +3 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm SC8380XP

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sc8380xp:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm Snapdragon 7c+ Gen 3 Compute

Moderate fix1 remedy

cpe:2.3:h:qualcomm:snapdragon_7c+_gen_3_compute:*:*:*:*:*:*:*, +2 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm Snapdragon 8cx Gen 3 Compute

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sd_8cx_gen3:*:*:*:*:*:*:*, +12 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm WCD9370

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wcd9370:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm WCD9375

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wcd9371:*:*:*:*:*:*:*, +5 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm WCD9380

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wcd9380:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm WCD9385

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wcd9385:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm WSA8830

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wsa8830:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm WSA8835

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wsa8835:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm WSA8840

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wsa8840:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm WSA8845

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wsa8845:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Qualcomm WSA8845H

Moderate fix1 remedy

cpe:2.3:h:qualcomm:wsa8845h:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 1.0, < 1.0.0.1

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

3.3

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

3.3

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Qualcomm Video Buffer Over-Read Vulnerability Allowing Information Disclosure

Vulnerability

Impact

Remediation

Affected Products

Qualcomm FastConnect 6700

Qualcomm FastConnect 6900

Qualcomm FastConnect 7800

Qualcomm QCM5430

Qualcomm QCM6490

Qualcomm QCS5430

Qualcomm QCS6490

Qualcomm Video Collaboration VC3

Qualcomm SC8380XP

Qualcomm Snapdragon 7c+ Gen 3 Compute

Qualcomm Snapdragon 8cx Gen 3 Compute

Qualcomm WCD9370

Qualcomm WCD9375

Qualcomm WCD9380

Qualcomm WCD9385

Qualcomm WSA8830

Qualcomm WSA8835

Qualcomm WSA8840

Qualcomm WSA8845

Qualcomm WSA8845H

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating