Primary

Context

Qualcomm Products Information Disclosure Vulnerability via Weak Hash in IOCTL Session ID Retrieval

Vulnerability

A vulnerability exists in various chipsets of Qualcomm products, allowing information disclosure through the return of a weakly hashed value to userland code. This occurs in response to an IOCTL call requesting a session ID, potentially exposing sensitive information.

Impact

Exploitation of this vulnerability leads to unauthorized information disclosure, as a weakly hashed session ID is returned to userland code, which could be intercepted or misused.

Remediation

Qualcomm has notified customers about this vulnerability and is actively sharing patches. Instructions for applying the patch can be found in the January 2026 Qualcomm Security Bulletin.

Added: Jan 7, 2026, 6:21 PM

Updated: Jan 7, 2026, 6:21 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

1.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

1.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Qualcomm Products Information Disclosure Vulnerability via Weak Hash in IOCTL Session ID Retrieval

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating