Impact
The vulnerability is a buffer over-read that can be triggered when a device receives a service data frame larger than expected during device matching over the neighborhood awareness network protocol. According to the official description, the over-read can cause a transient denial of service, rebooting or halting the WLAN firmware. The weakness is identified as CWE‑126 and, if exploited, would deny normal WLAN operation for the affected device, potentially disrupting any networked services relying on it.
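An added example, not code from Qualcomm or from the advisory: a C sketch of the two length checks that keep an oversized service data frame from causing an over-read during matching. The frame layout (1-byte service id, 2-byte little-endian length, data), `svc_match`, `struct local_service` and the sample bytes are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 3u  /* hypothetical header: 1-byte service id + 2-byte LE data length */

enum { MATCH = 1, NO_MATCH = 0, ERR_TRUNCATED = -1, ERR_LENGTH = -2 };

struct local_service {          /* what the device expects to match against */
    uint8_t id;
    uint8_t data[8];
    size_t  data_len;           /* bytes of data[] in use, <= sizeof data */
};

/* Returns MATCH/NO_MATCH, or a negative error for a malformed frame. */
int svc_match(const struct local_service *svc, const uint8_t *rx, size_t rx_len)
{
    if (rx_len < HDR_LEN)
        return ERR_TRUNCATED;               /* header itself is incomplete */

    size_t declared = (size_t)rx[1] | ((size_t)rx[2] << 8);

    /* Guard 1: the length field must not claim more than was received,
     * otherwise any read of `declared` bytes runs past the rx buffer. */
    if (declared > rx_len - HDR_LEN)
        return ERR_LENGTH;

    /* Guard 2: a frame larger (or smaller) than the expected data can never
     * match, so decide that before memcmp; comparing `declared` bytes
     * against svc->data without this check over-reads the local buffer. */
    if (rx[0] != svc->id || declared != svc->data_len)
        return NO_MATCH;

    return memcmp(svc->data, rx + HDR_LEN, declared) == 0 ? MATCH : NO_MATCH;
}

int main(void)
{
    /* Constructed sample data, not captured traffic. */
    const struct local_service svc = { 0x21, { 'd', 'e', 'm', 'o' }, 4 };
    const uint8_t ok[]   = { 0x21, 4, 0, 'd', 'e', 'm', 'o' };
    const uint8_t lies[] = { 0x21, 0xFF, 0xFF, 'd', 'e', 'm', 'o' }; /* claims 65535 bytes */
    printf("%d %d\n", svc_match(&svc, ok, sizeof ok), svc_match(&svc, lies, sizeof lies));
    return 0;
}
```

Rejecting the frame with an error code, rather than clamping the length and continuing, keeps malformed input out of the comparison path entirely.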
Affected Systems
The affected systems are Qualcomm wireless products, including a broad range of Snapdragon mobile platforms and their associated firmware, such as the Snapdragon 6 Gen 1, 6 Gen 3, 6 Gen 4, 7S Gen 3, 8 Elite 5G, and many Wi‑Fi and modem variants (e.g., fastconnect 6200, fastconnect 6700, safe, wcd92xx, wcn78xx). The advisory lists hundreds of firmware CPEs but does not specify exact version ranges, so any of the listed devices with a firmware build from the affected family may be impacted.
Risk and Exploitability
The CVSS v3 score of 7.6 indicates a high risk of causing a denial of service. The EPSS score is reported as under 1%, implying a low probability of automated exploitation in the near term, and the vulnerability is not currently in CISA’s KEV catalog. The probable attack vector would involve an attacker on the same WLAN or nearby network able to transmit a maliciously crafted service data frame to the victim device. Because the protocol operates at layer 2/3 of the WLAN stack, physical proximity or compromised network infrastructure could be sufficient.
OpenCVE Enrichment