CVE-2025-21446

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows a denial-of-service (DoS) condition in Qualcomm wireless LAN (WLAN) chipsets when processing vendor-specific information elements in BTM (BSS Transition Management) request frames. An attacker can send specially crafted WLAN frames to cause temporary service disruption. Affected systems include devices with vulnerable Qualcomm WLAN chipsets.

💻 Affected Systems

Products:

• Qualcomm WLAN chipsets and devices using them

Versions: Specific versions not publicly detailed in initial advisory

Operating Systems: Android, Linux, and other OS using Qualcomm WLAN drivers

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with BTM (802.11v) capability enabled. Mobile devices, IoT devices, and networking equipment using affected Qualcomm chipsets are vulnerable.

📦 What is this software?

Ar8035 Firmware by Qualcomm

View all CVEs affecting Ar8035 Firmware →

Ar9380 Firmware by Qualcomm

View all CVEs affecting Ar9380 Firmware →

Csr8811 Firmware by Qualcomm

View all CVEs affecting Csr8811 Firmware →

Fastconnect 6700 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6700 Firmware →

Fastconnect 6800 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6800 Firmware →

Fastconnect 6900 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6900 Firmware →

Fastconnect 7800 Firmware by Qualcomm

View all CVEs affecting Fastconnect 7800 Firmware →

Immersive Home 214 Firmware by Qualcomm

View all CVEs affecting Immersive Home 214 Firmware →

Immersive Home 216 Firmware by Qualcomm

View all CVEs affecting Immersive Home 216 Firmware →

Immersive Home 316 Firmware by Qualcomm

View all CVEs affecting Immersive Home 316 Firmware →

Immersive Home 318 Firmware by Qualcomm

View all CVEs affecting Immersive Home 318 Firmware →

Ipq5010 Firmware by Qualcomm

View all CVEs affecting Ipq5010 Firmware →

Ipq5028 Firmware by Qualcomm

View all CVEs affecting Ipq5028 Firmware →

Ipq5332 Firmware by Qualcomm

View all CVEs affecting Ipq5332 Firmware →

Ipq6000 Firmware by Qualcomm

View all CVEs affecting Ipq6000 Firmware →

Ipq6010 Firmware by Qualcomm

View all CVEs affecting Ipq6010 Firmware →

Ipq6018 Firmware by Qualcomm

View all CVEs affecting Ipq6018 Firmware →

Ipq6028 Firmware by Qualcomm

View all CVEs affecting Ipq6028 Firmware →

Ipq8064 Firmware by Qualcomm

View all CVEs affecting Ipq8064 Firmware →

Ipq8065 Firmware by Qualcomm

View all CVEs affecting Ipq8065 Firmware →

Ipq8068 Firmware by Qualcomm

View all CVEs affecting Ipq8068 Firmware →

Ipq8070a Firmware by Qualcomm

View all CVEs affecting Ipq8070a Firmware →

Ipq8071a Firmware by Qualcomm

View all CVEs affecting Ipq8071a Firmware →

Ipq8072a Firmware by Qualcomm

View all CVEs affecting Ipq8072a Firmware →

Ipq8074a Firmware by Qualcomm

View all CVEs affecting Ipq8074a Firmware →

Ipq8076 Firmware by Qualcomm

View all CVEs affecting Ipq8076 Firmware →

Ipq8076a Firmware by Qualcomm

View all CVEs affecting Ipq8076a Firmware →

Ipq8078 Firmware by Qualcomm

View all CVEs affecting Ipq8078 Firmware →

Ipq8078a Firmware by Qualcomm

View all CVEs affecting Ipq8078a Firmware →

Ipq8173 Firmware by Qualcomm

View all CVEs affecting Ipq8173 Firmware →

Ipq8174 Firmware by Qualcomm

View all CVEs affecting Ipq8174 Firmware →

Ipq9008 Firmware by Qualcomm

View all CVEs affecting Ipq9008 Firmware →

Ipq9048 Firmware by Qualcomm

View all CVEs affecting Ipq9048 Firmware →

Ipq9554 Firmware by Qualcomm

View all CVEs affecting Ipq9554 Firmware →

Ipq9570 Firmware by Qualcomm

View all CVEs affecting Ipq9570 Firmware →

Ipq9574 Firmware by Qualcomm

View all CVEs affecting Ipq9574 Firmware →

Qam8255p Firmware by Qualcomm

View all CVEs affecting Qam8255p Firmware →

Qam8295p Firmware by Qualcomm

View all CVEs affecting Qam8295p Firmware →

Qam8620p Firmware by Qualcomm

View all CVEs affecting Qam8620p Firmware →

Qam8650p Firmware by Qualcomm

View all CVEs affecting Qam8650p Firmware →

Qam8775p Firmware by Qualcomm

View all CVEs affecting Qam8775p Firmware →

Qamsrv1h Firmware by Qualcomm

View all CVEs affecting Qamsrv1h Firmware →

Qamsrv1m Firmware by Qualcomm

View all CVEs affecting Qamsrv1m Firmware →

Qca0000 Firmware by Qualcomm

View all CVEs affecting Qca0000 Firmware →

Qca2062 Firmware by Qualcomm

View all CVEs affecting Qca2062 Firmware →

Qca2064 Firmware by Qualcomm

View all CVEs affecting Qca2064 Firmware →

Qca2065 Firmware by Qualcomm

View all CVEs affecting Qca2065 Firmware →

Qca2066 Firmware by Qualcomm

View all CVEs affecting Qca2066 Firmware →

Qca4024 Firmware by Qualcomm

View all CVEs affecting Qca4024 Firmware →

Qca6174a Firmware by Qualcomm

View all CVEs affecting Qca6174a Firmware →

Qca6391 Firmware by Qualcomm

View all CVEs affecting Qca6391 Firmware →

Qca6421 Firmware by Qualcomm

View all CVEs affecting Qca6421 Firmware →

Qca6426 Firmware by Qualcomm

View all CVEs affecting Qca6426 Firmware →

Qca6431 Firmware by Qualcomm

View all CVEs affecting Qca6431 Firmware →

Qca6436 Firmware by Qualcomm

View all CVEs affecting Qca6436 Firmware →

Qca6554a Firmware by Qualcomm

View all CVEs affecting Qca6554a Firmware →

Qca6564au Firmware by Qualcomm

View all CVEs affecting Qca6564au Firmware →

Qca6574 Firmware by Qualcomm

View all CVEs affecting Qca6574 Firmware →

Qca6574a Firmware by Qualcomm

View all CVEs affecting Qca6574a Firmware →

Qca6574au Firmware by Qualcomm

View all CVEs affecting Qca6574au Firmware →

Qca6584au Firmware by Qualcomm

View all CVEs affecting Qca6584au Firmware →

Qca6595 Firmware by Qualcomm

View all CVEs affecting Qca6595 Firmware →

Qca6595au Firmware by Qualcomm

View all CVEs affecting Qca6595au Firmware →

Qca6678aq Firmware by Qualcomm

View all CVEs affecting Qca6678aq Firmware →

Qca6688aq Firmware by Qualcomm

View all CVEs affecting Qca6688aq Firmware →

Qca6696 Firmware by Qualcomm

View all CVEs affecting Qca6696 Firmware →

Qca6698aq Firmware by Qualcomm

View all CVEs affecting Qca6698aq Firmware →

Qca6698au Firmware by Qualcomm

View all CVEs affecting Qca6698au Firmware →

Qca6777aq Firmware by Qualcomm

View all CVEs affecting Qca6777aq Firmware →

Qca6787aq Firmware by Qualcomm

View all CVEs affecting Qca6787aq Firmware →

Qca6797aq Firmware by Qualcomm

View all CVEs affecting Qca6797aq Firmware →

Qca8072 Firmware by Qualcomm

View all CVEs affecting Qca8072 Firmware →

Qca8075 Firmware by Qualcomm

View all CVEs affecting Qca8075 Firmware →

Qca8081 Firmware by Qualcomm

View all CVEs affecting Qca8081 Firmware →

Qca8082 Firmware by Qualcomm

View all CVEs affecting Qca8082 Firmware →

Qca8084 Firmware by Qualcomm

View all CVEs affecting Qca8084 Firmware →

Qca8085 Firmware by Qualcomm

View all CVEs affecting Qca8085 Firmware →

Qca8337 Firmware by Qualcomm

View all CVEs affecting Qca8337 Firmware →

Qca8386 Firmware by Qualcomm

View all CVEs affecting Qca8386 Firmware →

Qca9886 Firmware by Qualcomm

View all CVEs affecting Qca9886 Firmware →

Qca9888 Firmware by Qualcomm

View all CVEs affecting Qca9888 Firmware →

Qca9889 Firmware by Qualcomm

View all CVEs affecting Qca9889 Firmware →

Qca9980 Firmware by Qualcomm

View all CVEs affecting Qca9980 Firmware →

Qca9984 Firmware by Qualcomm

View all CVEs affecting Qca9984 Firmware →

Qca9985 Firmware by Qualcomm

View all CVEs affecting Qca9985 Firmware →

Qca9986 Firmware by Qualcomm

View all CVEs affecting Qca9986 Firmware →

Qca9990 Firmware by Qualcomm

View all CVEs affecting Qca9990 Firmware →

Qca9992 Firmware by Qualcomm

View all CVEs affecting Qca9992 Firmware →

Qca9994 Firmware by Qualcomm

View all CVEs affecting Qca9994 Firmware →

Qcc2073 Firmware by Qualcomm

View all CVEs affecting Qcc2073 Firmware →

Qcc2076 Firmware by Qualcomm

View all CVEs affecting Qcc2076 Firmware →

Qcc710 Firmware by Qualcomm

View all CVEs affecting Qcc710 Firmware →

Qcf8000 Firmware by Qualcomm

View all CVEs affecting Qcf8000 Firmware →

Qcf8001 Firmware by Qualcomm

View all CVEs affecting Qcf8001 Firmware →

Qcm4490 Firmware by Qualcomm

View all CVEs affecting Qcm4490 Firmware →

Qcm5430 Firmware by Qualcomm

View all CVEs affecting Qcm5430 Firmware →

Qcm6490 Firmware by Qualcomm

View all CVEs affecting Qcm6490 Firmware →

Qcm8550 Firmware by Qualcomm

View all CVEs affecting Qcm8550 Firmware →

Qcn5022 Firmware by Qualcomm

View all CVEs affecting Qcn5022 Firmware →

Qcn5024 Firmware by Qualcomm

View all CVEs affecting Qcn5024 Firmware →

Qcn5052 Firmware by Qualcomm

View all CVEs affecting Qcn5052 Firmware →

Qcn5054 Firmware by Qualcomm

View all CVEs affecting Qcn5054 Firmware →

Qcn5122 Firmware by Qualcomm

View all CVEs affecting Qcn5122 Firmware →

Qcn5124 Firmware by Qualcomm

View all CVEs affecting Qcn5124 Firmware →

Qcn5152 Firmware by Qualcomm

View all CVEs affecting Qcn5152 Firmware →

Qcn5154 Firmware by Qualcomm

View all CVEs affecting Qcn5154 Firmware →

Qcn5164 Firmware by Qualcomm

View all CVEs affecting Qcn5164 Firmware →

Qcn6023 Firmware by Qualcomm

View all CVEs affecting Qcn6023 Firmware →

Qcn6024 Firmware by Qualcomm

View all CVEs affecting Qcn6024 Firmware →

Qcn6100 Firmware by Qualcomm

View all CVEs affecting Qcn6100 Firmware →

Qcn6102 Firmware by Qualcomm

View all CVEs affecting Qcn6102 Firmware →

Qcn6112 Firmware by Qualcomm

View all CVEs affecting Qcn6112 Firmware →

Qcn6122 Firmware by Qualcomm

View all CVEs affecting Qcn6122 Firmware →

Qcn6132 Firmware by Qualcomm

View all CVEs affecting Qcn6132 Firmware →

Qcn6224 Firmware by Qualcomm

View all CVEs affecting Qcn6224 Firmware →

Qcn6274 Firmware by Qualcomm

View all CVEs affecting Qcn6274 Firmware →

Qcn9000 Firmware by Qualcomm

View all CVEs affecting Qcn9000 Firmware →

Qcn9001 Firmware by Qualcomm

View all CVEs affecting Qcn9001 Firmware →

Qcn9002 Firmware by Qualcomm

View all CVEs affecting Qcn9002 Firmware →

Qcn9003 Firmware by Qualcomm

View all CVEs affecting Qcn9003 Firmware →

Qcn9011 Firmware by Qualcomm

View all CVEs affecting Qcn9011 Firmware →

Qcn9012 Firmware by Qualcomm

View all CVEs affecting Qcn9012 Firmware →

Qcn9022 Firmware by Qualcomm

View all CVEs affecting Qcn9022 Firmware →

Qcn9024 Firmware by Qualcomm

View all CVEs affecting Qcn9024 Firmware →

Qcn9070 Firmware by Qualcomm

View all CVEs affecting Qcn9070 Firmware →

Qcn9072 Firmware by Qualcomm

View all CVEs affecting Qcn9072 Firmware →

Qcn9074 Firmware by Qualcomm

View all CVEs affecting Qcn9074 Firmware →

Qcn9100 Firmware by Qualcomm

View all CVEs affecting Qcn9100 Firmware →

Qcn9274 Firmware by Qualcomm

View all CVEs affecting Qcn9274 Firmware →

Qcs4490 Firmware by Qualcomm

View all CVEs affecting Qcs4490 Firmware →

Qcs5430 Firmware by Qualcomm

View all CVEs affecting Qcs5430 Firmware →

Qcs615 Firmware by Qualcomm

View all CVEs affecting Qcs615 Firmware →

Qcs6490 Firmware by Qualcomm

View all CVEs affecting Qcs6490 Firmware →

Qcs8300 Firmware by Qualcomm

View all CVEs affecting Qcs8300 Firmware →

Qcs8550 Firmware by Qualcomm

View all CVEs affecting Qcs8550 Firmware →

Qcs9100 Firmware by Qualcomm

View all CVEs affecting Qcs9100 Firmware →

Qep8111 Firmware by Qualcomm

View all CVEs affecting Qep8111 Firmware →

Qfw7114 Firmware by Qualcomm

View all CVEs affecting Qfw7114 Firmware →

Qfw7124 Firmware by Qualcomm

View all CVEs affecting Qfw7124 Firmware →

Qmp1000 Firmware by Qualcomm

View all CVEs affecting Qmp1000 Firmware →

Qsm8350 Firmware by Qualcomm

View all CVEs affecting Qsm8350 Firmware →

Sa6155p Firmware by Qualcomm

View all CVEs affecting Sa6155p Firmware →

Sa7255p Firmware by Qualcomm

View all CVEs affecting Sa7255p Firmware →

Sa7775p Firmware by Qualcomm

View all CVEs affecting Sa7775p Firmware →

Sa8155p Firmware by Qualcomm

View all CVEs affecting Sa8155p Firmware →

Sa8195p Firmware by Qualcomm

View all CVEs affecting Sa8195p Firmware →

Sa8255p Firmware by Qualcomm

View all CVEs affecting Sa8255p Firmware →

Sa8295p Firmware by Qualcomm

View all CVEs affecting Sa8295p Firmware →

Sa8620p Firmware by Qualcomm

View all CVEs affecting Sa8620p Firmware →

Sa8650p Firmware by Qualcomm

View all CVEs affecting Sa8650p Firmware →

Sa8770p Firmware by Qualcomm

View all CVEs affecting Sa8770p Firmware →

Sa8775p Firmware by Qualcomm

View all CVEs affecting Sa8775p Firmware →

Sa9000p Firmware by Qualcomm

View all CVEs affecting Sa9000p Firmware →

Sc8280xp Abbb Firmware by Qualcomm

View all CVEs affecting Sc8280xp Abbb Firmware →

Sc8380xp Firmware by Qualcomm

View all CVEs affecting Sc8380xp Firmware →

Sd 8 Gen1 5g Firmware by Qualcomm

View all CVEs affecting Sd 8 Gen1 5g Firmware →

Sd865 5g Firmware by Qualcomm

View all CVEs affecting Sd865 5g Firmware →

Sd888 Firmware by Qualcomm

View all CVEs affecting Sd888 Firmware →

Sdx55 Firmware by Qualcomm

View all CVEs affecting Sdx55 Firmware →

Sdx61 Firmware by Qualcomm

View all CVEs affecting Sdx61 Firmware →

Sg8275p Firmware by Qualcomm

View all CVEs affecting Sg8275p Firmware →

Sm6650 Firmware by Qualcomm

View all CVEs affecting Sm6650 Firmware →

Sm6650p Firmware by Qualcomm

View all CVEs affecting Sm6650p Firmware →

Sm7315 Firmware by Qualcomm

View all CVEs affecting Sm7315 Firmware →

Sm7325p Firmware by Qualcomm

View all CVEs affecting Sm7325p Firmware →

Sm7635 Firmware by Qualcomm

View all CVEs affecting Sm7635 Firmware →

Sm7635p Firmware by Qualcomm

View all CVEs affecting Sm7635p Firmware →

Sm7675 Firmware by Qualcomm

View all CVEs affecting Sm7675 Firmware →

Sm7675p Firmware by Qualcomm

View all CVEs affecting Sm7675p Firmware →

Sm8550p Firmware by Qualcomm

View all CVEs affecting Sm8550p Firmware →

Sm8635 Firmware by Qualcomm

View all CVEs affecting Sm8635 Firmware →

Sm8635p Firmware by Qualcomm

View all CVEs affecting Sm8635p Firmware →

Sm8650q Firmware by Qualcomm

View all CVEs affecting Sm8650q Firmware →

Sm8735 Firmware by Qualcomm

View all CVEs affecting Sm8735 Firmware →

Sm8750 Firmware by Qualcomm

View all CVEs affecting Sm8750 Firmware →

Sm8750p Firmware by Qualcomm

View all CVEs affecting Sm8750p Firmware →

Snapdragon 778g 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 778g 5g Mobile Firmware →

Snapdragon 778g 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 778g 5g Mobile Firmware →

Snapdragon 780g 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 780g 5g Mobile Firmware →

Snapdragon 782g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 782g Mobile Firmware →

Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm

View all CVEs affecting Snapdragon 7c\+ Gen 3 Compute Firmware →

Snapdragon 8 Gen 1 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 1 Mobile Firmware →

Snapdragon 8 Gen 1 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 1 Mobile Firmware →

Snapdragon 8 Gen 2 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 2 Mobile Firmware →

Snapdragon 8 Gen 2 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 2 Mobile Firmware →

Snapdragon 8 Gen 3 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 3 Mobile Firmware →

Snapdragon 865 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 865 5g Mobile Firmware →

Snapdragon 865 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 865 5g Mobile Firmware →

Snapdragon 870 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 870 5g Mobile Firmware →

Snapdragon 888 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 888 5g Mobile Firmware →

Snapdragon 888 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 888 5g Mobile Firmware →

Snapdragon Ar1 Gen 1 Firmware by Qualcomm

View all CVEs affecting Snapdragon Ar1 Gen 1 Firmware →

Snapdragon Ar2 Gen 1 Firmware by Qualcomm

View all CVEs affecting Snapdragon Ar2 Gen 1 Firmware →

Snapdragon Auto 5g Modem Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon Auto 5g Modem Rf Firmware →

Snapdragon Auto 5g Modem Rf Gen 2 Firmware by Qualcomm

View all CVEs affecting Snapdragon Auto 5g Modem Rf Gen 2 Firmware →

Snapdragon X32 5g Modem Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X32 5g Modem Rf Firmware →

Snapdragon X35 5g Modem Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X35 5g Modem Rf Firmware →

Snapdragon X55 5g Modem Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X55 5g Modem Rf Firmware →

Snapdragon X62 5g Modem Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X62 5g Modem Rf Firmware →

Snapdragon X65 5g Modem Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X65 5g Modem Rf Firmware →

Snapdragon X72 5g Modem Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X72 5g Modem Rf Firmware →

Snapdragon X75 5g Modem Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X75 5g Modem Rf Firmware →

Snapdragon Xr2 5g Firmware by Qualcomm

View all CVEs affecting Snapdragon Xr2 5g Firmware →

Srv1h Firmware by Qualcomm

View all CVEs affecting Srv1h Firmware →

Srv1l Firmware by Qualcomm

View all CVEs affecting Srv1l Firmware →

Srv1m Firmware by Qualcomm

View all CVEs affecting Srv1m Firmware →

Ssg2115p Firmware by Qualcomm

View all CVEs affecting Ssg2115p Firmware →

Ssg2125p Firmware by Qualcomm

View all CVEs affecting Ssg2125p Firmware →

Sxr1230p Firmware by Qualcomm

View all CVEs affecting Sxr1230p Firmware →

Sxr2130 Firmware by Qualcomm

View all CVEs affecting Sxr2130 Firmware →

Sxr2230p Firmware by Qualcomm

View all CVEs affecting Sxr2230p Firmware →

Sxr2250p Firmware by Qualcomm

View all CVEs affecting Sxr2250p Firmware →

Sxr2330p Firmware by Qualcomm

View all CVEs affecting Sxr2330p Firmware →

Video Collaboration Vc3 Platform Firmware by Qualcomm

View all CVEs affecting Video Collaboration Vc3 Platform Firmware →

Wcd9340 Firmware by Qualcomm

View all CVEs affecting Wcd9340 Firmware →

Wcd9370 Firmware by Qualcomm

View all CVEs affecting Wcd9370 Firmware →

Wcd9375 Firmware by Qualcomm

View all CVEs affecting Wcd9375 Firmware →

Wcd9378 Firmware by Qualcomm

View all CVEs affecting Wcd9378 Firmware →

Wcd9380 Firmware by Qualcomm

View all CVEs affecting Wcd9380 Firmware →

Wcd9385 Firmware by Qualcomm

View all CVEs affecting Wcd9385 Firmware →

Wcd9390 Firmware by Qualcomm

View all CVEs affecting Wcd9390 Firmware →

Wcd9395 Firmware by Qualcomm

View all CVEs affecting Wcd9395 Firmware →

Wcn3950 Firmware by Qualcomm

View all CVEs affecting Wcn3950 Firmware →

Wcn6450 Firmware by Qualcomm

View all CVEs affecting Wcn6450 Firmware →

Wcn6650 Firmware by Qualcomm

View all CVEs affecting Wcn6650 Firmware →

Wcn6740 Firmware by Qualcomm

View all CVEs affecting Wcn6740 Firmware →

Wcn6755 Firmware by Qualcomm

View all CVEs affecting Wcn6755 Firmware →

Wcn7750 Firmware by Qualcomm

View all CVEs affecting Wcn7750 Firmware →

Wcn7860 Firmware by Qualcomm

View all CVEs affecting Wcn7860 Firmware →

Wcn7861 Firmware by Qualcomm

View all CVEs affecting Wcn7861 Firmware →

Wcn7880 Firmware by Qualcomm

View all CVEs affecting Wcn7880 Firmware →

Wcn7881 Firmware by Qualcomm

View all CVEs affecting Wcn7881 Firmware →

Wsa8810 Firmware by Qualcomm

View all CVEs affecting Wsa8810 Firmware →

Wsa8815 Firmware by Qualcomm

View all CVEs affecting Wsa8815 Firmware →

Wsa8830 Firmware by Qualcomm

View all CVEs affecting Wsa8830 Firmware →

Wsa8832 Firmware by Qualcomm

View all CVEs affecting Wsa8832 Firmware →

Wsa8835 Firmware by Qualcomm

View all CVEs affecting Wsa8835 Firmware →

Wsa8840 Firmware by Qualcomm

View all CVEs affecting Wsa8840 Firmware →

Wsa8845 Firmware by Qualcomm

View all CVEs affecting Wsa8845 Firmware →

Wsa8845h Firmware by Qualcomm

View all CVEs affecting Wsa8845h Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete wireless network disruption for affected devices, requiring reboot or reconnection to restore functionality.

🟠

Likely Case

Temporary wireless connectivity loss or degraded performance on affected devices until the malformed frame processing completes.

🟢

If Mitigated

Minimal impact with proper network segmentation and wireless intrusion prevention systems in place.

🌐 Internet-Facing: MEDIUM - Requires proximity to wireless network but can affect internet-facing wireless access points.

🏢 Internal Only: MEDIUM - Internal wireless networks are vulnerable if attacker gains physical or wireless access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending malformed WLAN frames to target devices. No authentication needed but requires wireless network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm July 2025 security bulletin for specific chipset firmware versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset models. 2. Obtain updated firmware from device manufacturer. 3. Apply firmware update following manufacturer instructions. 4. Reboot device to activate new firmware.

🔧 Temporary Workarounds

Disable BTM (802.11v) capability

linux

Disable BSS Transition Management feature on wireless access points to prevent processing of vulnerable frames

Copy

# On Linux AP: iw dev wlan0 set bss_transition 0
# Check current: iw dev wlan0 info | grep bss_transition

Implement wireless intrusion prevention

all

Configure WIPS to detect and block malformed vendor-specific information elements in WLAN frames

🧯 If You Can't Patch

• Segment wireless networks to limit blast radius of potential DoS attacks
• Implement strict wireless client isolation to prevent frame propagation between devices

🔍 How to Verify

Check if Vulnerable:

Copy

Check device specifications for Qualcomm WLAN chipset and consult manufacturer security advisories

Check Version:

Copy

# Android: getprop ro.boot.wlan.chip.version
# Linux: dmesg | grep -i qualcomm

Verify Fix Applied:

Copy

Verify firmware version matches or exceeds patched version from Qualcomm bulletin

📡 Detection & Monitoring

Log Indicators:

• Wireless driver crash logs
• Unexpected WLAN disconnections
• BTM request processing errors

Network Indicators:

• Unusual vendor-specific IE in WLAN frames
• Excessive BTM request frames from single source

SIEM Query:

Copy

source="wireless_controller" AND (vendor_specific_ie OR btm_request) AND error

📊 Metadata

CVE ID: CVE-2025-21446

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-126

EPSS Score: 0.07% exploit probability (21.2th percentile)

Published: July 8, 2025

Last Updated: August 11, 2025

🔗 References

• https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-21446, you might also want to check these:

CVE-2017-17772 9.8

This vulnerability allows attackers to perform out-of-bounds reads in 802.11 frame processing functi...

Same vulnerability type (CWE-126)

CVE-2023-36397 9.8

This vulnerability allows remote attackers to execute arbitrary code on affected Windows systems by ...

Same vulnerability type (CWE-126)

CVE-2021-34584 9.1

CVE-2021-34584 is a buffer over-read vulnerability in the CODESYS V2 web server that allows attacker...

Same vulnerability type (CWE-126)