CVE-2025-47384 Overview
CVE-2025-47384 is a Denial of Service vulnerability affecting a wide range of Qualcomm wireless connectivity and mobile platform firmware. The vulnerability occurs when the MAC (Media Access Control) layer processes a configuration identifier that exceeds the maximum supported value, resulting in a transient denial of service condition. This flaw is categorized under CWE-617 (Reachable Assertion), indicating that the firmware fails to properly validate input boundaries before processing configuration parameters.
The vulnerability requires an attacker to be on an adjacent network to exploit, meaning they must have proximity access to the target device's wireless network. When exploited, this flaw can cause affected devices to temporarily become unresponsive or crash, disrupting wireless connectivity for users.
Critical Impact
Adjacent network attackers can cause transient denial of service on affected Qualcomm chipsets by sending malformed MAC configuration requests with out-of-bounds config ID values.
Affected Products
- Qualcomm 5G Fixed Wireless Access Platform Firmware
- Qualcomm FastConnect 6200, 6700, 6800, 6900 Firmware
- Qualcomm QCA6391, QCA6574A, QCA6595AU, QCA6696, QCA6698AQ Firmware
- Qualcomm Snapdragon 4 Gen 1, 480 5G, 690 5G, 695 5G, 778G 5G, 782G, 865 5G, 870 5G, 888 5G Mobile Platform Firmware
- Qualcomm Snapdragon X53 5G and X55 5G Modem-RF System Firmware
- Qualcomm WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385 Firmware
- Qualcomm WCN3988 Firmware
- Qualcomm WSA8810, WSA8815, WSA8830, WSA8835 Firmware
Discovery Timeline
- March 2, 2026 - CVE-2025-47384 published to NVD
- March 5, 2026 - Last updated in NVD database
Technical Details for CVE-2025-47384
Vulnerability Analysis
This vulnerability exists in the MAC layer firmware handling of configuration identifiers across numerous Qualcomm wireless connectivity components. The flaw is rooted in improper input validation where the firmware accepts and processes configuration ID values that exceed the maximum supported threshold. When such an oversized value is processed, it triggers a reachable assertion (CWE-617), causing the firmware to enter a fault state and resulting in a transient denial of service.
The attack can be launched from an adjacent network position, such as within WiFi range of the target device. No authentication or user interaction is required to exploit this vulnerability, making it relatively straightforward for an attacker with network proximity to execute. The impact is limited to availability—no confidentiality or integrity compromise occurs—but the disruption to wireless connectivity can significantly affect device usability.
Root Cause
The root cause is improper bounds checking in the MAC configuration processing code. Specifically, when the firmware receives a configuration request containing a config_id parameter, it fails to validate whether this value falls within the expected range before attempting to use it. This leads to a reachable assertion being triggered when the out-of-bounds value is processed, causing the firmware component to crash or become temporarily unresponsive.
The assertion failure indicates that the code contains a runtime check that assumes valid input, but this check occurs too late in the processing flow—after the invalid value has already caused problems—rather than at the input boundary where it should be rejected.
Attack Vector
An attacker must be positioned on an adjacent network (such as the same WiFi network or within wireless range) to exploit this vulnerability. The attack involves sending specially crafted MAC configuration messages containing a config_id value that exceeds the maximum supported value. When the vulnerable firmware processes this malformed request, the assertion check fails and triggers a denial of service condition.
The attack does not require any privileges or user interaction on the target device. The transient nature of the DoS means that while the device temporarily loses wireless connectivity or becomes unresponsive, it typically recovers after the fault condition is cleared, though repeated exploitation could cause sustained service disruption.
Detection Methods for CVE-2025-47384
Indicators of Compromise
- Unexpected wireless connectivity drops or device crashes when connected to WiFi networks
- Repeated firmware assertion failures in system logs related to MAC layer configuration handling
- Unusual patterns of wireless management frames observed on network traffic captures
- Device instability or reboot loops when in proximity to potentially malicious access points
Detection Strategies
- Monitor for repeated device crashes or wireless connectivity failures that could indicate exploitation attempts
- Implement network monitoring to detect anomalous MAC layer configuration traffic patterns
- Review device firmware logs for assertion failures or crashes in wireless connectivity components
- Deploy wireless intrusion detection systems (WIDS) to identify suspicious management frame activity
Monitoring Recommendations
- Enable detailed logging on network infrastructure to capture wireless management frame anomalies
- Configure alerts for repeated device disconnections or crash patterns across multiple Qualcomm-based devices
- Implement endpoint monitoring for firmware crash events on affected mobile and IoT devices
- Establish baseline wireless network behavior to more easily identify exploitation attempts
How to Mitigate CVE-2025-47384
Immediate Actions Required
- Review the Qualcomm Security Bulletin March 2026 for specific patch information
- Identify all devices in your environment using affected Qualcomm chipsets and firmware
- Apply available firmware updates from device manufacturers as they become available
- Limit exposure of vulnerable devices to untrusted adjacent networks where possible
Patch Information
Qualcomm has disclosed this vulnerability in their March 2026 Security Bulletin. Organizations should consult the Qualcomm Security Bulletin March 2026 for detailed patch availability and instructions. Device manufacturers (OEMs) will need to integrate these patches into their firmware updates, so end users should monitor for updates from their specific device vendors (smartphone manufacturers, IoT device makers, etc.).
Given the breadth of affected products—spanning mobile platforms, fixed wireless access systems, audio codecs, and connectivity modules—organizations should inventory their Qualcomm-based devices and prioritize firmware updates based on exposure risk.
Workarounds
- Restrict devices running vulnerable firmware from connecting to untrusted or public WiFi networks
- Implement network segmentation to limit attacker adjacency to vulnerable devices
- Consider disabling WiFi on critical devices until patches are available if the risk is deemed unacceptable
- Monitor affected devices closely for signs of exploitation and enable automatic recovery mechanisms where possible
# Inventory check for affected Qualcomm components
# Consult device manufacturer documentation for firmware version verification
# Example for Android devices:
adb shell getprop ro.board.platform
adb shell cat /sys/class/power_supply/battery/chip_name
# Monitor for wireless crashes on Linux systems with Qualcomm WiFi
dmesg | grep -i "qca\|wcn\|ath\|wlan" | grep -i "assert\|crash\|fault"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
