CVE-2025-21476 | THREATINT

Description

Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.

PUBLISHED Reserved 2024-12-18 | Published 2025-09-24 | Updated 2025-09-25 | Assigner qualcomm

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status

unaffected

QCM5430

affected

QCM6490

affected

QCM8550

affected

QCS5430

affected

QCS615

affected

QCS6490

affected

QCS8550

affected

QCS9100

affected

SG8275

affected

SG8275P

affected

SM6650

affected

SM7635

affected

SM7675

affected

SM7675P

affected

SM8550

affected

SM8550P

affected

SM8635

affected

SM8635P

affected

SM8650

affected

SM8650P

affected

SM8650Q

affected

SM8750

affected

SM8750P

affected

SXR2330P

affected

QCA6391

affected

QCA6698AQ

affected

QCN9011

affected

QCN9012

affected

QCN9274

affected

WCN3910

affected

WCN3950

affected

WCN6650

affected

WCN6750

affected

WCN6755

affected

WCN6855

affected

WCN6856

affected

WCN7850

affected

WCN7851

affected

WCN7860

affected

WCN7861

affected

WCN7880

affected

WCN7881

affected

References

docs.qualcomm.com/...tybulletin/september-2025-bulletin.html

cve.org (CVE-2025-21476)

nvd.nist.gov (CVE-2025-21476)

Download JSON

help @ threatint.eu