The vulnerability allows a buffer over‑read when the WLAN host processes advertisement frames containing malformed MBSSID elements that are too short. This over‑read can expose sensitive data stored in adjacent memory, leading to an information disclosure. The flaw is a classic CWE-126 scenario where bounds checking is insufficient.

Qualcomm Snapdragon devices and related host firmware that handle WLAN advertisement frames are affected. Specific product revisions are not listed, so all Snapdragon implementations that process MBSSID elements may be impacted.

The CVSS score of 5.5 indicates moderate severity, and no EPSS value is provided. The vulnerability is not listed in the CISA KEV catalog. Exploitation would likely involve sending specially crafted wireless advertisement frames to the target device, which requires proximity and the ability to transmit frames on the same wireless network. The risk is therefore limited to devices that accept such frames from external sources.