CVE-2022-25736: Buffer Over-read in WLAN in Qualcomm, Inc. Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
AI Analysis
Technical Summary
CVE-2022-25736 is a high-severity vulnerability classified as a buffer over-read (CWE-125) affecting a broad range of Qualcomm Snapdragon platforms, including Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wearables, and Wired Infrastructure and Networking products. The vulnerability arises from an out-of-bounds read occurring during the processing of Very High Throughput (VHT) action frames within the WLAN (Wireless Local Area Network) component of these Snapdragon chipsets. Specifically, when the WLAN subsystem processes malformed or malicious VHT action frames, it may read memory beyond the allocated buffer boundaries. This can lead to a denial of service (DoS) condition, causing the affected device or system to crash or become unresponsive. The vulnerability does not impact confidentiality or integrity directly but affects availability by disrupting WLAN functionality. The CVSS v3.1 base score is 7.5 (high), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality or integrity impact (C:N/I:N), and high availability impact (A:H). The affected versions cover a wide range of Qualcomm chipsets and modules, including many popular Snapdragon mobile SoCs (e.g., SD 8 Gen1 5G, SD 888, SD 865 5G), IoT modules, automotive platforms, and connectivity chips. No known exploits in the wild have been reported to date, and no official patches are linked in the provided data, suggesting that mitigation may rely on vendor firmware updates or network-level protections. The vulnerability is significant due to the extensive deployment of Qualcomm Snapdragon chipsets in consumer electronics, mobile devices, automotive systems, and IoT devices worldwide. 
Attackers can exploit this remotely over the network without authentication or user interaction, increasing the risk of widespread disruption.
Potential Impact
For European organizations, the impact of CVE-2022-25736 can be substantial, especially for sectors relying heavily on Qualcomm Snapdragon-based devices and infrastructure. Mobile devices using Snapdragon chipsets are ubiquitous among employees, and many IoT deployments in industrial, automotive, and consumer environments utilize affected Qualcomm modules. A successful exploitation could lead to denial of service of WLAN connectivity, disrupting business operations, communications, and critical IoT functions. In automotive contexts, affected Snapdragon Auto platforms could experience connectivity failures, potentially impacting vehicle telematics, infotainment, or safety-related communications. Industrial IoT deployments relying on Snapdragon Industrial IoT modules may face operational downtime or degraded monitoring and control capabilities. The lack of confidentiality or integrity impact reduces risks of data breaches but the availability disruption can affect productivity, safety, and service continuity. Given the remote, unauthenticated nature of the exploit, attackers could launch denial of service attacks from within wireless range or through compromised network segments, posing risks to enterprise Wi-Fi networks and connected devices. Organizations with large deployments of Qualcomm-based devices, especially in critical infrastructure, automotive fleets, or IoT ecosystems, should consider this vulnerability a high priority for mitigation to avoid operational disruptions.
Mitigation Recommendations
1. Firmware and Software Updates: Organizations should monitor Qualcomm and device vendors for firmware or software patches addressing CVE-2022-25736 and apply them promptly across all affected devices and platforms.
2. Network Segmentation: Segment wireless networks to isolate critical systems and reduce the attack surface. Limit WLAN access to trusted devices and users only.
3. Wireless Intrusion Detection and Prevention Systems (WIDS/WIPS): Deploy WIDS/WIPS solutions capable of detecting and blocking malformed or suspicious VHT action frames to prevent exploitation attempts.
4. Access Control: Enforce strong authentication and authorization controls on WLAN access points to prevent unauthorized devices from connecting and sending malicious frames.
5. Monitoring and Logging: Enable detailed logging of WLAN activity and monitor for anomalies or repeated malformed frame transmissions indicative of exploitation attempts.
6. Device Inventory and Risk Assessment: Maintain an up-to-date inventory of all Qualcomm Snapdragon-based devices and assess exposure to this vulnerability to prioritize remediation efforts.
7. Vendor Coordination: Engage with device manufacturers and Qualcomm for guidance, patches, and best practices specific to affected products.
8. Temporary Workarounds: Where patches are unavailable, consider disabling vulnerable WLAN features or restricting network protocols that process VHT action frames if feasible without impacting business operations.
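The out-of-bounds read described in the Technical Summary and the malformed-frame detection asked of a WIDS/WIPS in mitigation 3 both reduce to the same length test, shown here as an added example (not Qualcomm's code and not part of the original page). The page does not say which VHT action or field triggers CVE-2022-25736; the function names are hypothetical, and the minimum lengths are the fixed fields IEEE 802.11 defines for VHT (category 21) action frames.

```c
#include <stddef.h>
#include <stdint.h>

/* IEEE 802.11 Action frame body: Category (1 octet), Action (1 octet), then
 * action-specific fields. Category 21 is VHT. */
#define CAT_VHT            21
#define VHT_COMPRESSED_BF  0   /* + VHT MIMO Control (3), then variable report */
#define VHT_GROUP_ID_MGMT  1   /* + Membership Status (8) + User Position (16) */
#define VHT_OPMODE_NOTIF   2   /* + Operating Mode (1) */

enum vht_check { VHT_OK, VHT_NOT_VHT, VHT_TRUNCATED, VHT_UNKNOWN_ACTION };

/* Smallest legal body length for each VHT action, header octets included. */
static size_t vht_min_len(uint8_t action)
{
    switch (action) {
    case VHT_COMPRESSED_BF: return 2 + 3;
    case VHT_GROUP_ID_MGMT: return 2 + 8 + 16;
    case VHT_OPMODE_NOTIF:  return 2 + 1;
    default:                return 0;   /* not a defined VHT action */
    }
}

/* Classify a received action frame body without touching any octet past len.
 * A parser dereferences fixed fields only after this returns VHT_OK; a
 * monitor can count VHT_TRUNCATED results per transmitter. */
enum vht_check vht_action_check(const uint8_t *body, size_t len)
{
    if (body == NULL || len < 1) return VHT_TRUNCATED;
    if (body[0] != CAT_VHT) return VHT_NOT_VHT;
    if (len < 2) return VHT_TRUNCATED;
    size_t need = vht_min_len(body[1]);
    if (need == 0) return VHT_UNKNOWN_ACTION;
    return len >= need ? VHT_OK : VHT_TRUNCATED;
}

/* Read the Operating Mode octet only after the length check has passed.
 * Returns 0..255, or -1 when the body is not a well-formed notification. */
int vht_opmode(const uint8_t *body, size_t len)
{
    if (vht_action_check(body, len) != VHT_OK || body[1] != VHT_OPMODE_NOTIF)
        return -1;
    return body[2];
}
```

The variable-length beamforming report that follows VHT MIMO Control needs its own length check derived from that field; this block covers only the fixed-size fields.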
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Belgium, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: qualcomm
- Date Reserved: 2022-02-22T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9817c4522896dcbd79d6
Added to database: 5/21/2025, 9:08:39 AM
Last enriched: 7/5/2025, 2:27:59 AM
Last updated: 8/19/2025, 1:06:55 AM