BDU:2025-10659Critical
BDU
BDU
Data Bank of Information Security Threats
BDU ФСТЭК is the authoritative Russian source of vulnerability information, covering both international CVEs relevant to domestic software and unique Russian-disclosed issues. Entries contain severity, affected product lists (in Russian), and mitigation recommendations.
Region
RU
Updates
1 ч
License
Открытые данные
Russian federal catalog of vulnerabilities and threats maintained by FSTEC. Required for compliance with Russian information security regulations (Приказ №17, Приказ №21).
https://bdu.fstec.ru →Share link
Anyone with the link can open this vulnerability.
Уязвимость компонента Data Network Stack & Connectivity микропрограммного обеспечения встраиваемых плат Qualcomm связана с выходом операции…
CVSS
9.8
Critical
EPSS
0.00
p0
Published
2025-01-01
Updated
2025-01-01
Description
Уязвимость компонента Data Network Stack & Connectivity микропрограммного обеспечения встраиваемых плат Qualcomm связана с выходом операции за границы буфера в памяти при повторной сборке NALU. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать повреждение памяти путем отправки специально сформированного RTP-пакета
Tags · CWE
Pre-auth
Affected products
Qualcomm technologies inc. 205 mobile platformQualcomm technologies inc. 215 mobile platformQualcomm technologies inc. Apq8017Qualcomm technologies inc. Apq8064auQualcomm technologies inc. Aqt1000Qualcomm technologies inc. Fastconnect 6200Qualcomm technologies inc. Fastconnect 6700Qualcomm technologies inc. Fastconnect 6800Qualcomm technologies inc. Fastconnect 6900Qualcomm technologies inc. Fastconnect 7800Qualcomm technologies inc. Msm8996auQualcomm technologies inc. Qam8255pQualcomm technologies inc. Qam8295pQualcomm technologies inc. Qam8620pQualcomm technologies inc. Qam8650pQualcomm technologies inc. Qam8775pQualcomm technologies inc. Qamsrv1hQualcomm technologies inc. Qamsrv1mQualcomm technologies inc. Qca6310Qualcomm technologies inc. Qca6320
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2025-01-01
Published
2025-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.000 · p0
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
| Product | Vendor | Status |
|---|---|---|
| 205 mobile platform | qualcomm technologies inc. | Tracked |
| 215 mobile platform | qualcomm technologies inc. | Tracked |
| apq8017 | qualcomm technologies inc. | Tracked |
| apq8064au | qualcomm technologies inc. | Tracked |
| aqt1000 | qualcomm technologies inc. | Tracked |
| fastconnect 6200 | qualcomm technologies inc. | Tracked |
| fastconnect 6700 | qualcomm technologies inc. | Tracked |
| fastconnect 6800 | qualcomm technologies inc. | Tracked |
| fastconnect 6900 | qualcomm technologies inc. | Tracked |
| fastconnect 7800 | qualcomm technologies inc. | Tracked |
| msm8996au | qualcomm technologies inc. | Tracked |
| qam8255p | qualcomm technologies inc. | Tracked |
| qam8295p | qualcomm technologies inc. | Tracked |
| qam8620p | qualcomm technologies inc. | Tracked |
| qam8650p | qualcomm technologies inc. | Tracked |
| qam8775p | qualcomm technologies inc. | Tracked |
| qamsrv1h | qualcomm technologies inc. | Tracked |
| qamsrv1m | qualcomm technologies inc. | Tracked |
| qca6310 | qualcomm technologies inc. | Tracked |
| qca6320 | qualcomm technologies inc. | Tracked |
Showing first 20 of 226
Source databases
BDU
BDU
Data Bank of Information Security Threats
BDU ФСТЭК is the authoritative Russian source of vulnerability information, covering both international CVEs relevant to domestic software and unique Russian-disclosed issues. Entries contain severity, affected product lists (in Russian), and mitigation recommendations.
Region
RU
Updates
1 ч
License
Открытые данные
Russian federal catalog of vulnerabilities and threats maintained by FSTEC. Required for compliance with Russian information security regulations (Приказ №17, Приказ №21).
https://bdu.fstec.ru →Related vulnerabilities