Impact
A stack‑based buffer overflow occurs in Qualcomm’s Snapdragon WLAN host code when processing malformed HT40 channel layouts during dynamic channel switching. This memory corruption can corrupt the stack on the device. The official description indicates that this may lead to a crash or loss of service, but it does not provide evidence of arbitrary code execution.
Affected Systems
Qualcomm Snapdragon wireless platforms are affected. No specific firmware or product version numbers are listed, but all Snapdragon devices that implement dynamic channel switching may be vulnerable unless mitigated by a vendor update.
Risk and Exploitability
The CVSS score of 8.8 indicates high severity. The EPSS score of < 1% shows a very low but non‑zero exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. Attackers could trigger the overflow by transmitting crafted Wi‑Fi frames that invoke an invalid HT40 channel layout, a likely remote attack vector from a nearby device or through an open network. The overflow could ultimately lead to a crash, loss of confidentiality, integrity issues, or other destructive outcomes.
OpenCVE Enrichment