Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.
When receiving an RTP packet from the network, the device proceeds to assemble NALU units (Network Abstraction Layer Units). During this operation, improper memory management occurs — lack of proper buffer boundary validation (CWE-119) leads to memory corruption. An attacker can send a specially crafted RTP packet to trigger this error remotely, without requiring user interaction or elevated privileges.
An attacker can achieve arbitrary code execution (RCE) on the vulnerable device or cause its failure, resulting in complete violation of system confidentiality, integrity, and availability.
Apply patches available from the manufacturer according to references — details are contained in the Qualcomm security bulletin from September 2025: https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
Qualcomm Fastconnect 6800, Qualcomm WCN6450 Firmware, Qualcomm QCM4325 Firmware, Qualcomm Snapdragon 636 Mobile Platform Firmware, Qualcomm WSA8845H Firmware — specific versions indicated in manufacturer references.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HQualcomm Apq8017
HWQualcommwszystkie wersjeQualcomm Apq8017 Firmware
OSQualcommwszystkie wersjeQualcomm Apq8064au
HWQualcommwszystkie wersjeQualcomm Apq8064au Firmware
OSQualcommwszystkie wersjeQualcomm Aqt1000
HWQualcommwszystkie wersjeQualcomm Aqt1000 Firmware
OSQualcommwszystkie wersjeQualcomm Fastconnect 6200
HWQualcommwszystkie wersjeQualcomm Fastconnect 6200 Firmware
OSQualcommwszystkie wersjeQualcomm Fastconnect 6700
HWQualcommwszystkie wersjeQualcomm Fastconnect 6700 Firmware
OSQualcommwszystkie wersjeQualcomm Fastconnect 6800
HWQualcommwszystkie wersjeQualcomm Fastconnect 6800 Firmware
OSQualcommwszystkie wersjeQualcomm Fastconnect 6900
HWQualcommwszystkie wersjeQualcomm Fastconnect 6900 Firmware
OSQualcommwszystkie wersjeQualcomm Fastconnect 7800
HWQualcommwszystkie wersjeQualcomm Fastconnect 7800 Firmware
OSQualcommwszystkie wersjeQualcomm Msm8996au
HWQualcommwszystkie wersjeQualcomm Msm8996au Firmware
OSQualcommwszystkie wersjeQualcomm Qam8255p
HWQualcommwszystkie wersjeQualcomm Qam8255p Firmware
OSQualcommwszystkie wersjeQualcomm Qam8295p
HWQualcommwszystkie wersjeQualcomm Qam8295p Firmware
OSQualcommwszystkie wersjeQualcomm Qam8620p
HWQualcommwszystkie wersjeQualcomm Qam8620p Firmware
OSQualcommwszystkie wersjeQualcomm Qam8650p
HWQualcommwszystkie wersjeQualcomm Qam8650p Firmware
OSQualcommwszystkie wersjeQualcomm Qam8775p
HWQualcommwszystkie wersjeQualcomm Qam8775p Firmware
OSQualcommwszystkie wersjeQualcomm Qamsrv1h
HWQualcommwszystkie wersjeQualcomm Qamsrv1h Firmware
OSQualcommwszystkie wersje
Related vulnerabilities
Qualcomm: Memory Corruption przy ładowaniu uszkodzonego obrazu ELF
Qualcomm Firmware — memory corruption przy wyborze PLMN z listy SOR
Qualcomm: podatność kryptograficzna umożliwiająca Auth Bypass podczas pobierania
Qualcomm: Uszkodzenie pamięci przy parsowaniu ML IE w firmware
Qualcomm: Nieprawidłowy dostęp do pamięci przy dekodowaniu VP9 (sprzętowe)