Skip to main content

Apq8064au Firmware CVE-2025-27074

HIGH
Incorrect Calculation of Buffer Size (CWE-131)
2025-11-04 product-security@qualcomm.com
Buffer Overflow Apq8064au Firmware Csr8811 Firmware Immersive Home 214 Platform Firmware Immersive Home 216 Platform Firmware Immersive Home 316 Platform Firmware Immersive Home 318 Platform Firmware Ipq5010 Firmware Ipq5028 Firmware Ipq8070 Firmware Ipq8070a Firmware Ipq8071 Firmware Ipq8071a Firmware Ipq8072 Firmware Ipq8072a Firmware Ipq8074 Firmware Ipq8074a Firmware Ipq8076 Firmware Ipq8076a Firmware Ipq8078 Firmware Ipq8078a Firmware Ipq8173 Firmware Ipq8174 Firmware Ipq9008 Firmware Ipq9574 Firmware Mdm9640 Firmware Mdm9650 Firmware Msm8996au Firmware Pmp8074 Firmware Qca4024 Firmware Qca6174a Firmware Qca6234 Firmware Qca6310 Firmware Qca6320 Firmware Qca6428 Firmware Qca6438 Firmware Qca6564a Firmware Qca6564au Firmware Qca6574 Firmware Qca6574a Firmware Qca6574au Firmware Qca6584au Firmware Qca6694 Firmware Qca8072 Firmware Qca8075 Firmware Qca8081 Firmware Qca9888 Firmware Qca9889 Firmware Qca9984 Firmware Qcn5022 Firmware Qcn5024 Firmware Qcn5052 Firmware Qcn5054 Firmware Qcn5064 Firmware Qcn5122 Firmware Qcn5124 Firmware Qcn5152 Firmware Qcn5154 Firmware Qcn5164 Firmware Qcn5550 Firmware Qcn6023 Firmware Qcn6024 Firmware Qcn6100 Firmware Qcn6102 Firmware Qcn6112 Firmware Qcn6122 Firmware Qcn6132 Firmware Qcn9000 Firmware Qcn9001 Firmware Qcn9002 Firmware Qcn9003 Firmware Qcn9012 Firmware Qcn9022 Firmware Qcn9024 Firmware Qcn9070 Firmware Qcn9072 Firmware Qcn9074 Firmware Qcn9100 Firmware Qcn9274 Firmware Sd820 Firmware Sd821 Firmware Sdm429w Firmware Sdx55 Firmware Snapdragon 429 Mobile Platform Firmware Snapdragon 820 Automotive Platform Firmware Snapdragon 820 Mobile Platform Firmware Snapdragon 821 Mobile Platform Firmware Snapdragon Wear 4100 Platform Firmware Wcd9335 Firmware Wcn3610 Firmware Wcn3620 Firmware Wcn3660b Firmware Wcn3680b Firmware Wcn3980 Firmware Wsa8810 Firmware Wsa8815 Firmware
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:20 vuln.today
CVE Published
Nov 04, 2025 - 04:15 nvd
HIGH 8.8

DescriptionCVE.org

Memory corruption while processing a GP command response.

AnalysisAI

Memory corruption while processing a GP command response. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-131. Affected products include: Qualcomm Apq8064Au Firmware, Qualcomm Csr8811 Firmware, Qualcomm Immersive Home 214 Platform Firmware, Qualcomm Immersive Home 216 Platform Firmware, Qualcomm Immersive Home 316 Platform Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-45552 HIGH
8.2 Apr 07

Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t

CVE-2024-53026 HIGH
8.2 Jun 03

CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoL

CVE-2024-53020 HIGH
8.2 Jun 03

CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that o

CVE-2025-21427 HIGH
8.2 Jul 08

Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.

CVE-2025-21430 HIGH
7.5 Apr 07

Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session. Rated high se

CVE-2025-21429 HIGH
7.5 Apr 07

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. Rated high severity (CVSS 7.5

CVE-2025-47318 HIGH
7.5 Sep 24

Transient DOS while parsing the EPTM test control message to get the test pattern. Rated high severity (CVSS 7.5), this

CVE-2025-21454 HIGH
7.5 Jul 08

Transient DOS while processing received beacon frame.

CVE-2025-21449 HIGH
7.5 Jul 08

Transient DOS may occur while processing malformed length field in SSID IEs.

CVE-2025-21487 HIGH
8.2 Sep 24

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is great

CVE-2025-21484 HIGH
8.2 Sep 24

Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments f

CVE-2025-21483 CRITICAL
9.8 Sep 24

Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs. Rated critical se

Share

CVE-2025-27074 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy