Memory corruption while parsing the ML IE due to invalid frame content.
An error classified as CWE-129 (improper validation of array index) occurs during parsing of the ML IE (Multi-Link Information Element) information element. When the processed frame contains invalid content, missing or insufficient array index validation leads to memory corruption. An attacker can craft an appropriately modified frame and send it to a vulnerable device without requiring any privileges.
Successful exploitation can lead to device takeover, disclosure of confidential data, data modification, or complete system unavailability (violation of confidentiality, integrity, and availability at a high level).
Apply patches available from the manufacturer according to references — Qualcomm security bulletin from February 2025 (https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html). OEM device manufacturers using Qualcomm chipsets should immediately deploy firmware updates provided by Qualcomm.
Firmware of Qualcomm devices: AR8035, CSR8811, FastConnect 6700, and other products listed in the Qualcomm security bulletin from February 2025.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HQualcomm Ar8035
HWQualcommwszystkie wersjeQualcomm Ar8035 Firmware
OSQualcommwszystkie wersjeQualcomm Csr8811
HWQualcommwszystkie wersjeQualcomm Csr8811 Firmware
OSQualcommwszystkie wersjeQualcomm Fastconnect 6700
HWQualcommwszystkie wersjeQualcomm Fastconnect 6700 Firmware
OSQualcommwszystkie wersjeQualcomm Fastconnect 6900
HWQualcommwszystkie wersjeQualcomm Fastconnect 6900 Firmware
OSQualcommwszystkie wersjeQualcomm Fastconnect 7800
HWQualcommwszystkie wersjeQualcomm Fastconnect 7800 Firmware
OSQualcommwszystkie wersjeQualcomm Immersive Home 214
HWQualcommwszystkie wersjeQualcomm Immersive Home 214 Firmware
OSQualcommwszystkie wersjeQualcomm Immersive Home 216
HWQualcommwszystkie wersjeQualcomm Immersive Home 216 Firmware
OSQualcommwszystkie wersjeQualcomm Immersive Home 316
HWQualcommwszystkie wersjeQualcomm Immersive Home 316 Firmware
OSQualcommwszystkie wersjeQualcomm Immersive Home 318
HWQualcommwszystkie wersjeQualcomm Immersive Home 318 Firmware
OSQualcommwszystkie wersjeQualcomm Immersive Home 3210
HWQualcommwszystkie wersjeQualcomm Immersive Home 3210 Firmware
OSQualcommwszystkie wersjeQualcomm Immersive Home 326
HWQualcommwszystkie wersjeQualcomm Immersive Home 326 Firmware
OSQualcommwszystkie wersjeQualcomm Ipq5010
HWQualcommwszystkie wersjeQualcomm Ipq5010 Firmware
OSQualcommwszystkie wersjeQualcomm Ipq5028
HWQualcommwszystkie wersjeQualcomm Ipq5028 Firmware
OSQualcommwszystkie wersjeQualcomm Ipq5300
HWQualcommwszystkie wersjeQualcomm Ipq5300 Firmware
OSQualcommwszystkie wersjeQualcomm Ipq5302
HWQualcommwszystkie wersjeQualcomm Ipq5302 Firmware
OSQualcommwszystkie wersje
Related vulnerabilities
Qualcomm: Memory Corruption przy ładowaniu uszkodzonego obrazu ELF
Qualcomm Firmware — memory corruption przy wyborze PLMN z listy SOR
Memory corruption w Qualcomm podczas składania pakietów RTP (NALUs)
Qualcomm: podatność kryptograficzna umożliwiająca Auth Bypass podczas pobierania
Qualcomm Snapdragon – memory corruption przy przekierowaniu pliku logów