Primary

Context

Qualcomm Core Services Buffer Copy Without Size Check Vulnerability Allowing Memory Corruption

Vulnerability

A vulnerability exists in Qualcomm's core services that involves memory corruption due to improper handling of packets from Unix clients. This issue arises from a buffer copy operation that does not adequately verify the size of the incoming data, creating a classic buffer overflow scenario. The vulnerability affects several chipsets and has been reported internally.

Impact

Exploitation of this vulnerability leads to memory corruption, which can commonly result in arbitrary code execution or causing a device to crash.

Remediation

Qualcomm has released patches for this vulnerability. Instructions for applying the patch can be found in the Qualcomm December 2025 Security Bulletin.

Added: Dec 18, 2025, 6:53 AM

Updated: Dec 18, 2025, 6:53 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

3.3

remediation

0.0

relevance

1.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

3.3

remediation

0.0

relevance

1.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Qualcomm Core Services Buffer Copy Without Size Check Vulnerability Allowing Memory Corruption

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating