Severity by source
AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Description (CVE.org)
Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.
Analysis (AI)
Qualcomm Snapdragon chipsets improperly parse 802.11 advertisement frames containing malformed MBSSID (Multiple BSSID) elements of insufficient length, triggering a buffer over-read that discloses memory contents to an attacker. The CVSS vector (AV:N/AC:H/PR:L/UI:R/S:C) indicates network-reachable exploitation with changed scope, meaning the impact crosses beyond the Wi-Fi subsystem into adjacent components. No public exploit was identified at the time of analysis, and no CISA KEV listing exists. Qualcomm addressed this in their June 2026 Security Bulletin.
Technical Context (AI)
The MBSSID (Multiple Basic Service Set Identifier) element is an IEEE 802.11ax (Wi-Fi 6) feature enabling a single physical access point to advertise multiple virtual BSSIDs within a single beacon or probe response frame. The affected Qualcomm Snapdragon Wi-Fi firmware or driver code (CPE: cpe:2.3:a:qualcomm,_inc.:snapdragon:*:*:*:*:*:*:*:*) fails to validate that the declared length of an MBSSID element matches the actual data present before reading from it. This produces a CWE-126 (Buffer Over-read) condition: the parser reads beyond the end of the element's allocated buffer, potentially exposing adjacent heap or stack memory. The 'Buffer Overflow' tag in the intelligence source may reflect the broader vulnerability class or a related write-path issue, but the CWE-126 root cause is a read-side overrun, consistent with the Information Disclosure primary impact. Changed scope (S:C) in the CVSS vector suggests that the leaked data or the over-read itself can affect components outside the immediate Wi-Fi parsing component, such as the OS networking stack or application-layer security boundaries.
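The length checks whose absence produces this class of over-read, shown as an added example (not Qualcomm's code and not taken from the bulletin). It assumes the IEEE 802.11 element layout of ID, length, body, with element ID 71 for Multiple BSSID and subelement ID 0 for a nontransmitted BSSID profile; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define EID_MULTIPLE_BSSID   71  /* Multiple BSSID element ID (IEEE 802.11) */
#define SUBEID_NONTX_PROFILE 0   /* Nontransmitted BSSID Profile subelement */

/* Constructed samples: a well-formed element and one with length 0. */
const uint8_t sample_ok[]    = { 71, 5, 0x03, 0x00, 0x02, 0xAA, 0xBB };
const uint8_t sample_short[] = { 71, 0 };

/* Check one MBSSID element body; returns profile count or -1 if malformed. */
static int mbssid_body_check(const uint8_t *body, size_t len)
{
    int profiles = 0;
    size_t off = 1;                      /* skip MaxBSSID Indicator */
    if (len < 1)                         /* indicator byte is mandatory */
        return -1;
    while (off < len) {
        if (len - off < 2)               /* truncated subelement header */
            return -1;
        size_t sub_len = body[off + 1];
        if (sub_len > len - off - 2)     /* subelement overruns the element */
            return -1;
        if (body[off] == SUBEID_NONTX_PROFILE)
            profiles++;
        off += 2 + sub_len;
    }
    return profiles;
}

/* Walk a beacon/probe response element list; -1 on any length violation. */
int mbssid_scan(const uint8_t *ies, size_t ies_len)
{
    int total = 0;
    size_t off = 0;
    while (off < ies_len) {
        if (ies_len - off < 2)           /* truncated element header */
            return -1;
        size_t len = ies[off + 1];
        if (len > ies_len - off - 2)     /* declared length exceeds the frame */
            return -1;
        if (ies[off] == EID_MULTIPLE_BSSID) {
            int n = mbssid_body_check(ies + off + 2, len);
            if (n < 0)
                return -1;
            total += n;
        }
        off += 2 + len;
    }
    return total;
}
```

Every read is preceded by a comparison against the bytes that remain, so an element that is shorter than its fixed fields, or a subelement that claims more than its parent holds, is rejected before any byte past the frame is touched.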
Remediation (AI)
The primary remediation is to apply the patches released by Qualcomm in the June 2026 Security Bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html). Exact patched firmware or driver versions are not independently confirmed from the available CPE data; consult the bulletin for device-specific fix versions. OEM device manufacturers who integrate Snapdragon chipsets must incorporate and distribute these patches via their own firmware update mechanisms; end users should apply any available device firmware or OS updates from their device vendor. As a compensating control where patching is not immediately available, restricting device operation to trusted wireless environments reduces exposure to crafted beacon frames. Specifically, disabling automatic Wi-Fi scanning or passive frame processing in untrusted public environments limits the attack surface, though this significantly degrades usability. There is no indication of a simpler configuration-level workaround such as disabling MBSSID support independently. No vendor advisory beyond the Qualcomm bulletin has been identified at time of analysis.
EUVD-2025-210022
GHSA-4728-c4x2-h2qm