Qca4024 Firmware
CVE-2025-21464
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Information disclosure while reading data from an image using specified offset and size parameters.
AnalysisAI
Information disclosure while reading data from an image using specified offset and size parameters. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Information disclosure while reading data from an image using specified offset and size parameters. Affected products include: Qualcomm Qcm4490 Firmware, Qualcomm Qcm5430 Firmware, Qualcomm Qcm6125 Firmware, Qualcomm Qcm6490 Firmware, Qualcomm Qcm8550 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
More in Qca4024 Firmware
View allMemory corruption while redirecting log file to any file location with any file name. Rated critical severity (CVSS 9.8)
Memory corruption while redirecting log file to any file location with any file name. Rated critical severity (CVSS 9.8)
Memory corruption in WLAN Host while processing RRM beacon on the AP. Rated critical severity (CVSS 9.8), this vulnerabi
Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. Rated critical seve
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. Rated critical severity
Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. Rated critical severity (CVSS 9.8), this vuln
Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon
Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdra
Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. Rated critical severity (
Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Sna
A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snap
Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Com
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today