Qualcomm WinBlast Driver Buffer Over-read Vulnerability Allowing Memory Corruption

A buffer over-read vulnerability has been identified in the WinBlast driver of Qualcomm chipsets. This vulnerability leads to memory corruption by retrieving an output buffer without proper validation of its size. The issue arises when the driver processes input/output control (IOCTL) commands, allowing potentially harmful data to be accessed or manipulated, which could disrupt normal device operation or create security risks.

Impact

Exploitation of this vulnerability causes memory corruption, which can lead to arbitrary code execution or local denial-of-service conditions by causing the device to crash or become unresponsive.

Remediation

Qualcomm has notified device manufacturers about this vulnerability and is actively sharing patches. For information on the patching status of released devices, contact the device manufacturer.