CVE-2025-21438
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Tags
Description
Memory corruption while IOCTL call is invoked from user-space to read board data.
Analysis
Memory corruption while IOCTL call is invoked from user-space to read board data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Memory corruption while IOCTL call is invoked from user-space to read board data. Affected products include: Qualcomm Fastconnect 6200 Firmware, Qualcomm Fastconnect 6700 Firmware, Qualcomm Fastconnect 6900 Firmware, Qualcomm Fastconnect 7800 Firmware, Qualcomm Qca6164 Firmware.
Affected Products
Qualcomm Fastconnect 6200 Firmware, Qualcomm Fastconnect 6700 Firmware, Qualcomm Fastconnect 6900 Firmware, Qualcomm Fastconnect 7800 Firmware, Qualcomm Qca6164 Firmware.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today