Skip to main content

Qcn6024 Firmware CVE-2025-21463

| EUVDEUVD-2025-16706 HIGH
Buffer Over-read (CWE-126)
2025-06-03 product-security@qualcomm.com
Information Disclosure Qcn6024 Firmware Qca6696 Firmware Snapdragon X65 5g Modem Rf System Firmware Sa7775p Firmware Wcn6755 Firmware Sm6650 Firmware Qca8081 Firmware Qcf8001 Firmware Qcn9012 Firmware Sa8195p Firmware Ipq8072a Firmware Ipq6028 Firmware Qcn9100 Firmware Ipq8070a Firmware Qcn6402 Firmware Sxr2330p Firmware Qca6584au Firmware Sm8550p Firmware Sa9000p Firmware Wcd9395 Firmware Qcm8550 Firmware Sdx55 Firmware Qam8620p Firmware Qcn5224 Firmware Qfw7114 Firmware Qca6564au Firmware Ipq9574 Firmware Snapdragon Ar2 Gen 1 Platform Firmware Srv1h Firmware Qam8775p Firmware Sa6155p Firmware Ipq8076a Firmware Sc8380xp Firmware Ipq5424 Firmware Ipq8071a Firmware Qcn9024 Firmware Qcs6490 Firmware Sm7675 Firmware Qcc2073 Firmware Wcn7750 Firmware Fastconnect 7800 Firmware Qca9889 Firmware Qcc2076 Firmware Ipq9008 Firmware Qca8111 Firmware Qca8384 Firmware Sm8735 Firmware Snapdragon Auto 5g Modem Rf Gen 2 Firmware Qcs8550 Firmware Wcd9341 Firmware Srv1l Firmware Snapdragon 8 Gen 3 Mobile Platform Firmware Flight Rb5 5g Platform Firmware Ipq9570 Firmware Qca8085 Firmware Qca6678aq Firmware Sa8155p Firmware Qcn6112 Firmware Qcs615 Firmware Qcn9274 Firmware Qca8101 Firmware Sm6650p Firmware Wsa8835 Firmware Qca8112 Firmware Qcn9160 Firmware Ipq5302 Firmware Ar8035 Firmware Ipq9048 Firmware Ssg2125p Firmware Qca6554a Firmware Qrb5165n Firmware Qamsrv1m Firmware Qcs5430 Firmware Ipq8174 Firmware Qcn5124 Firmware Qcm6490 Firmware Qca6777aq Firmware Sxr2230p Firmware Qca6391 Firmware Sa8650p Firmware Qca8102 Firmware Sm8750p Firmware Qca8082 Firmware Qca6574 Firmware Qcn6412 Firmware Qca4024 Firmware Sxr2250p Firmware Wcd9380 Firmware Csr8811 Firmware Ipq6000 Firmware Sdx65m Firmware Srv1m Firmware Qca8084 Firmware Qca8385 Firmware Ipq9554 Firmware Wcn7860 Firmware Qam8295p Firmware Qca8075 Firmware Immersive Home 214 Platform Firmware Ipq5312 Firmware Sa8295p Firmware Immersive Home 326 Platform Firmware Immersive Home 316 Platform Firmware Ipq5332 Firmware Snapdragon X75 5g Modem Rf System Firmware Sm7675p Firmware Video Collaboration Vc5 Platform Firmware Qcf8000 Firmware Ipq5300 Firmware Wsa8845h Firmware Qcn6432 Firmware Video Collaboration Vc3 Platform Firmware Qca6688aq Firmware Sa8620p Firmware Qcn5152 Firmware Ipq8078a Firmware Qcs9100 Firmware Qca6595 Firmware Snapdragon Ar1 Gen 1 Platform Firmware Qcn6274 Firmware Qca8386 Firmware Sa8770p Firmware Ipq8173 Firmware Sm8635 Firmware Sm8750 Firmware Qcn5022 Firmware Sa8775p Firmware Wcd9375 Firmware Wcd9335 Firmware Sxr1230p Firmware Qcc710 Firmware Qcn6422 Firmware Wcn6450 Firmware Sm7635 Firmware Wcn6650 Firmware Wcd9385 Firmware Qcn6023 Firmware Sa8255p Firmware Sm8650q Firmware Snapdragon 8 Gen 2 Mobile Platform Firmware Wcn3990 Firmware Qcn5052 Firmware Wcd9340 Firmware Qcf8000sfp Firmware Ipq5010 Firmware Wcd9378 Firmware Wcd9370 Firmware Wsa8845 Firmware Wsa8840 Firmware Ipq6018 Firmware Qcs7230 Firmware Qca8337 Firmware Qca6787aq Firmware Wcn7861 Firmware Qamsrv1h Firmware Qcn5122 Firmware Qcs8250 Firmware Wcn3950 Firmware Fastconnect 6700 Firmware Qca6574a Firmware Vision Intelligence 400 Platform Firmware Qam8255p Firmware Qcn9070 Firmware Qca8080 Firmware Snapdragon X72 5g Modem Rf System Firmware Immersive Home 3210 Platform Firmware Sa7255p Firmware Sm8635p Firmware Qcn5024 Firmware Ipq5028 Firmware Qxm8083 Firmware Ipq8074a Firmware Qcn6122 Firmware Robotics Rb5 Platform Firmware Ssg2115p Firmware Qfw7124 Firmware Qcn9074 Firmware Qcn9022 Firmware Ipq6010 Firmware Wcn7880 Firmware Wcd9390 Firmware Wcn7881 Firmware Qcn5154 Firmware Qmp1000 Firmware Sa8530p Firmware Qcn5164 Firmware Qcn6132 Firmware Qca6595au Firmware Qca6797aq Firmware Qcn6224 Firmware Fastconnect 6900 Firmware Ipq8076 Firmware Qcs8300 Firmware Qam8650p Firmware Qcn9011 Firmware Wsa8830 Firmware Sa8540p Firmware Qca6698aq Firmware Qca9888 Firmware Qca6574au Firmware Immersive Home 318 Platform Firmware Qcn9000 Firmware Wsa8832 Firmware Ipq8078 Firmware Wcn3910 Firmware Immersive Home 216 Platform Firmware Qcn9072 Firmware Qcm5430 Firmware Sg8275p Firmware
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 17:04 euvd
EUVD-2025-16706
Analysis Generated
Mar 14, 2026 - 17:04 vuln.today
CVE Published
Jun 03, 2025 - 06:15 nvd
HIGH 7.5

DescriptionCVE.org

Transient DOS while processing the EHT operation IE in the received beacon frame.

AnalysisAI

Transient denial-of-service vulnerability in wireless beacon frame processing that occurs when a device receives a malformed EHT (Extremely High Throughput) operation information element. An unauthenticated remote attacker can trigger a temporary service disruption by sending a specially crafted beacon frame, affecting WiFi 6E and later devices. With a CVSS score of 7.5 and high availability impact, this vulnerability requires no user interaction and is network-accessible, making it a notable threat to wireless infrastructure and client devices, though there is currently no evidence of active exploitation in the wild.

Technical ContextAI

This vulnerability exists in the WiFi beacon frame processing logic, specifically in the handling of the EHT (802.11be) Operation Information Element. CWE-126 (Buffer Over-read) indicates the root cause is likely an out-of-bounds memory read when parsing the EHT operation IE structure without proper bounds checking. The vulnerable code path is triggered during beacon frame reception and information element parsing in the MAC layer, before higher-layer validation occurs. This affects WiFi 6E (802.11ax with 6GHz) and WiFi 7 (802.11be) capable chipsets and drivers from multiple vendors including but not limited to Broadcom, Qualcomm, MediaTek, and Intel implementations that process these frames. The transient nature (non-persistent DoS) suggests the device recovers after the malformed frame is discarded, but repeated frames can cause continuous availability disruption.

RemediationAI

Remediation requires patching at the firmware/driver level: (1) For end-user devices: update WiFi drivers and firmware to patched versions released by device manufacturers (check Dell, HP, Lenovo, Apple, Samsung, etc. for driver updates). (2) For enterprise WiFi: update access point firmware from Aruba, Cisco, Ruckus, and other vendors to versions that address the EHT operation IE parsing. (3) For Linux systems: apply kernel patches to the mac80211 or vendor-specific WiFi drivers (check with distributions for backported patches). (4) Temporary mitigation: disable WiFi 6E/7 support and operate in 802.11ax-only mode if available, though this reduces performance. (5) Network-level: update network security policies to monitor for malformed beacon frames, though this provides limited protection. Specific patch versions are not available in the provided data; vendors should publish security advisories with exact version numbers. Users should check the CVE database at NVD, vendor security pages (Broadcom, Qualcomm, Intel, etc.), and their device manufacturer's support portal for patch availability.

CVE-2026-21385 HIGH POC
7.8 Mar 02

A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memo

CVE-2023-33025 CRITICAL
9.8 Jan 02

Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call. Rated critical severity (CVSS 9.8), t

CVE-2024-33066 CRITICAL
9.8 Oct 07

Memory corruption while redirecting log file to any file location with any file name. Rated critical severity (CVSS 9.8)

CVE-2024-21480 CRITICAL
9.8 May 06

Memory corruption while playing audio file having large-sized input buffer. Rated critical severity (CVSS 9.8), this vul

CVE-2024-21473 CRITICAL
9.8 Apr 01

Memory corruption while redirecting log file to any file location with any file name. Rated critical severity (CVSS 9.8)

CVE-2024-21463 CRITICAL
9.8 Apr 01

Memory corruption while processing Codec2 during v13k decoder pitch synthesis. Rated critical severity (CVSS 9.8), this

CVE-2023-33083 CRITICAL
9.8 Dec 05

Memory corruption in WLAN Host while processing RRM beacon on the AP. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2023-33082 CRITICAL
9.8 Dec 05

Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. Rated critical seve

CVE-2023-33045 CRITICAL
9.8 Nov 07

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. Rated critical severity

CVE-2023-22388 CRITICAL
9.8 Nov 07

Memory Corruption in Multi-mode Call Processor while processing bit mask API. Rated critical severity (CVSS 9.8), this v

CVE-2023-33028 CRITICAL
9.8 Oct 03

Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. Rated critical severity (CVSS 9.8), this vuln

CVE-2023-24855 CRITICAL
9.8 Oct 03

Memory corruption in Modem while processing security related configuration before AS Security Exchange. Rated critical s

Share

CVE-2025-21463 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy