CVE-2024-33025 Overview
CVE-2024-33025 is a transient denial-of-service vulnerability affecting a broad range of Qualcomm chipset firmware. The flaw resides in the WLAN component that parses the Multi-Link (ML) Information Element (IE) used by Wi-Fi 7 (802.11be) multi-link operations. When the WLAN firmware processes the BSS parameter change count or MLD capabilities fields of the ML IE, an out-of-bounds read condition can be triggered. Qualcomm identifies the issue under CWE-126 (Buffer Over-read) and CWE-125 (Out-of-bounds Read). An unauthenticated attacker within wireless range can send a crafted frame to cause the WLAN subsystem to crash, disrupting connectivity for affected devices.
Critical Impact
A remote, unauthenticated attacker can trigger a transient denial of service in the WLAN firmware of hundreds of Qualcomm chipsets, including Snapdragon mobile, automotive, IoT, and networking platforms.
Affected Products
- Qualcomm Snapdragon 8 Gen 2, 8 Gen 3, 8+ Gen 2, 865, 865+, 870, and AR2 Gen 1 mobile and XR platforms
- Qualcomm FastConnect 6800/6900/7800 Wi-Fi connectivity subsystems and IPQ/QCN networking chipsets
- Qualcomm automotive (SA8155P, SA8255P, SA8295P, SA8775P) and modem-RF systems (Snapdragon X55, X65, X75)
Discovery Timeline
- 2024-08-05 - CVE-2024-33025 published to NVD as part of the Qualcomm August 2024 Security Bulletin
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2024-33025
Vulnerability Analysis
The vulnerability affects how Qualcomm WLAN firmware parses the Multi-Link Information Element introduced with the IEEE 802.11be (Wi-Fi 7) amendment. The ML IE carries fields describing multi-link device (MLD) capabilities and a BSS parameter change count that signals updates across associated links. The parsing routine reads these fields without sufficient bounds validation against the actual length of the received element. When the embedded length descriptors disagree with the frame's true size, the firmware reads memory beyond the legitimate buffer. The condition maps to CWE-125 (Out-of-bounds Read) and CWE-126 (Buffer Over-read), and results in a transient denial of service rather than data disclosure or code execution.
Root Cause
The root cause is missing or incorrect length validation when iterating sub-elements inside the ML IE. The parser trusts attacker-controlled length and capability indicator fields, allowing reads past the end of the input buffer. The affected logic is shared across the WLAN host stack used in mobile, automotive, IoT, networking, and modem-RF firmware images, which explains the wide scope of impacted SKUs.
Attack Vector
Exploitation requires an attacker within wireless range of a vulnerable device. The attacker transmits a malformed 802.11 management or association frame containing a crafted ML IE with inconsistent BSS parameter change count or MLD capabilities fields. No authentication, prior association, or user interaction is required. A successful trigger crashes the WLAN firmware, forcing a restart of the radio subsystem and interrupting Wi-Fi service. Availability impact is high; confidentiality and integrity are not affected.
No public proof-of-concept code, exploit module, or in-the-wild exploitation has been reported for CVE-2024-33025. See the Qualcomm August 2024 Security Bulletin for technical details and the full SKU list.
Detection Methods for CVE-2024-33025
Indicators of Compromise
- Repeated unexplained WLAN firmware crashes, subsystem restarts, or kernel messages referencing wlan or cnss recovery events on affected Snapdragon, FastConnect, IPQ, or QCN platforms.
- Sudden loss of Wi-Fi connectivity coinciding with the presence of unknown 802.11be capable devices or beacons advertising Multi-Link Operation in the RF environment.
- Crash dumps containing ML IE parsing functions in the WLAN driver call stack, particularly around BSS parameter change count handling.
Detection Strategies
- Monitor mobile device management (MDM) and endpoint telemetry for elevated rates of Wi-Fi disconnects and radio subsystem restarts on Qualcomm-based fleets.
- Capture and inspect 802.11 management frames in sensitive RF zones, flagging ML IEs with malformed length fields or inconsistent MLD capabilities indicators.
- Correlate firmware version inventory against the SKU list published in the Qualcomm advisory to identify devices that have not received the August 2024 patch level.
Monitoring Recommendations
- Forward Android security patch level and OEM firmware build telemetry into a centralized data lake to track patch coverage across Qualcomm-based endpoints.
- For IPQ and QCN-based access points and routers, enable remote syslog of WLAN driver events and alert on repeated subsystem recovery within short time windows.
- In automotive, XR, and IoT deployments, instrument crash reporting for the WLAN service so that recurring Wi-Fi outages surface to security operations rather than being silently recovered.
How to Mitigate CVE-2024-33025
Immediate Actions Required
- Inventory all devices using the affected Qualcomm chipsets and confirm whether OEM firmware incorporating the August 2024 Qualcomm patch level is deployed.
- Apply the latest OEM firmware or Android security update that includes Qualcomm's August 2024 fixes; on networking equipment, install vendor firmware that references CVE-2024-33025.
- Prioritize patching for high-value endpoints such as automotive head units, executive mobile devices, and Wi-Fi infrastructure that cannot tolerate connectivity loss.
Patch Information
Qualcomm published fixes in the August 2024 Security Bulletin. Patches are delivered to downstream OEMs (Google, Samsung, Xiaomi, automotive integrators, router vendors, and others), who incorporate them into their own firmware releases. End users must wait for the device manufacturer's update channel; there is no direct patch from Qualcomm to consumer devices.
Workarounds
- Where Wi-Fi 7 / 802.11be Multi-Link Operation is not required, disable MLO support on access points and clients to reduce exposure of the ML IE parsing path.
- Restrict access to trusted SSIDs and use enterprise authentication to limit the radio neighborhood in which a rogue device can transmit malicious management frames.
- For critical assets, prefer wired connectivity until vendor firmware updates addressing CVE-2024-33025 are available and validated.
# Configuration example: check Android security patch level on an affected device
adb shell getprop ro.build.version.security_patch
# Confirm the value is 2024-08-01 or later before considering the device patched
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

