Snapdragon 439 Mobile Platform Firmware
CVE-2025-21428
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.
AnalysisAI
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-126. Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session. Affected products include: Qualcomm Snapdragon 439 Mobile Platform Firmware, Qualcomm Snapdragon 625 Mobile Platform Firmware, Qualcomm Snapdragon 626 Mobile Platform Firmware, Qualcomm Snapdragon 632 Mobile Platform Firmware, Qualcomm Snapdragon 820 Automotive Platform Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Memory Corruption in Multi-mode Call Processor while processing bit mask API. Rated critical severity (CVSS 9.8), this v
Memory Corruption in Data Modem while making a MO call or MT VOLTE call. Rated critical severity (CVSS 9.8), this vulner
Memory corruption in HLOS while running playready use-case. Rated critical severity (CVSS 9.3), this vulnerability is no
Memory corruption in Audio during playback with speaker protection. Rated high severity (CVSS 8.4), this vulnerability i
CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoL
CVE-2024-53021 is an information disclosure vulnerability in RTCP (Real-time Transport Control Protocol) packet processi
CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that o
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. Rated
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback fr
Memory corruption while processing API calls to NPU with invalid input. Rated high severity (CVSS 7.8), this vulnerabili
Memory corruption while processing GPU page table switch. Rated high severity (CVSS 7.8), this vulnerability is low atta
Memory corruption while processing voice packet with arbitrary data received from ADSP. Rated high severity (CVSS 7.8),
Same weakness CWE-126 – Buffer Over-read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today