CVE-2025-47322
Analyzed
Analyzed - Analysis Complete
BaseFortify
Publication date: 2025-12-18
Last updated on: 2026-01-28
Assigner: Qualcomm, Inc.
Description
Description
Memory corruption while handling IOCTL calls to set mode.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qualcomm | ar8031_firmware | * |
| qualcomm | ar8031 | * |
| qualcomm | ar8035_firmware | * |
| qualcomm | ar8035 | * |
| qualcomm | csra6620_firmware | * |
| qualcomm | csra6620 | * |
| qualcomm | csra6640_firmware | * |
| qualcomm | csra6640 | * |
| qualcomm | fastconnect_6900_firmware | * |
| qualcomm | fastconnect_6900 | * |
| qualcomm | fastconnect_7800_firmware | * |
| qualcomm | fastconnect_7800 | * |
| qualcomm | flight_rb5_5g_platform_firmware | * |
| qualcomm | flight_rb5_5g_platform | * |
| qualcomm | qam8255p_firmware | * |
| qualcomm | qam8255p | * |
| qualcomm | qam8295p_firmware | * |
| qualcomm | qam8295p | * |
| qualcomm | qam8650p_firmware | * |
| qualcomm | qam8650p | * |
| qualcomm | qam8775p_firmware | * |
| qualcomm | qam8775p | * |
| qualcomm | qamsrv1h_firmware | * |
| qualcomm | qamsrv1h | * |
| qualcomm | qamsrv1m_firmware | * |
| qualcomm | qamsrv1m | * |
| qualcomm | qca2066_firmware | * |
| qualcomm | qca2066 | * |
| qualcomm | qca6174a_firmware | * |
| qualcomm | qca6174a | * |
| qualcomm | qca6391_firmware | * |
| qualcomm | qca6391 | * |
| qualcomm | qca6574_firmware | * |
| qualcomm | qca6574 | * |
| qualcomm | qca6574a_firmware | * |
| qualcomm | qca6574a | * |
| qualcomm | qca6574au_firmware | * |
| qualcomm | qca6574au | * |
| qualcomm | qca6584au_firmware | * |
| qualcomm | qca6584au | * |
| qualcomm | qca6595_firmware | * |
| qualcomm | qca6595 | * |
| qualcomm | qca6595au_firmware | * |
| qualcomm | qca6595au | * |
| qualcomm | qca6678aq_firmware | * |
| qualcomm | qca6678aq | * |
| qualcomm | qca6688aq_firmware | * |
| qualcomm | qca6688aq | * |
| qualcomm | qca6696_firmware | * |
| qualcomm | qca6696 | * |
| qualcomm | qca6698aq_firmware | * |
| qualcomm | qca6698aq | * |
| qualcomm | qca6797aq_firmware | * |
| qualcomm | qca6797aq | * |
| qualcomm | qca8081_firmware | * |
| qualcomm | qca8081 | * |
| qualcomm | qca8337_firmware | * |
| qualcomm | qca8337 | * |
| qualcomm | qcc710_firmware | * |
| qualcomm | qcc710 | * |
| qualcomm | qcm2290_firmware | * |
| qualcomm | qcm2290 | * |
| qualcomm | qcm6125_firmware | * |
| qualcomm | qcm6125 | * |
| qualcomm | qcm8550_firmware | * |
| qualcomm | qcm8550 | * |
| qualcomm | qcn6224_firmware | * |
| qualcomm | qcn6224 | * |
| qualcomm | qcn6274_firmware | * |
| qualcomm | qcn6274 | * |
| qualcomm | qcn9011_firmware | * |
| qualcomm | qcn9011 | * |
| qualcomm | qcn9012_firmware | * |
| qualcomm | qcn9012 | * |
| qualcomm | qcs2290_firmware | * |
| qualcomm | qcs2290 | * |
| qualcomm | qcs6125_firmware | * |
| qualcomm | qcs6125 | * |
| qualcomm | qcs7230_firmware | * |
| qualcomm | qcs7230 | * |
| qualcomm | qcs8250_firmware | * |
| qualcomm | qcs8250 | * |
| qualcomm | qcs8550_firmware | * |
| qualcomm | qcs8550 | * |
| qualcomm | qdu1010_firmware | * |
| qualcomm | qdu1010 | * |
| qualcomm | qdx1010_firmware | * |
| qualcomm | qdx1010 | * |
| qualcomm | qdx1011_firmware | * |
| qualcomm | qdx1011 | * |
| qualcomm | qep8111_firmware | * |
| qualcomm | qep8111 | * |
| qualcomm | qfw7114_firmware | * |
| qualcomm | qfw7114 | * |
| qualcomm | qfw7124_firmware | * |
| qualcomm | qfw7124 | * |
| qualcomm | qrb5165n_firmware | * |
| qualcomm | qrb5165n | * |
| qualcomm | video_collaboration_vc1_platform_firmware | * |
| qualcomm | video_collaboration_vc1_platform | * |
| qualcomm | video_collaboration_vc5_platform_firmware | * |
| qualcomm | video_collaboration_vc5_platform | * |
| qualcomm | robotics_rb5_platform_firmware | * |
| qualcomm | robotics_rb5_platform | * |
| qualcomm | sa6155p_firmware | * |
| qualcomm | sa6155p | * |
| qualcomm | sa7255p_firmware | * |
| qualcomm | sa7255p | * |
| qualcomm | sa7775p_firmware | * |
| qualcomm | sa7775p | * |
| qualcomm | sa8155p_firmware | * |
| qualcomm | sa8155p | * |
| qualcomm | sa8195p_firmware | * |
| qualcomm | sa8195p | * |
| qualcomm | sa8255p_firmware | * |
| qualcomm | sa8255p | * |
| qualcomm | sa8295p_firmware | * |
| qualcomm | sa8295p | * |
| qualcomm | sa8620p_firmware | * |
| qualcomm | sa8620p | * |
| qualcomm | sa8650p_firmware | * |
| qualcomm | sa8650p | * |
| qualcomm | sa8770p_firmware | * |
| qualcomm | sa8770p | * |
| qualcomm | sa8775p_firmware | * |
| qualcomm | sa8775p | * |
| qualcomm | sa9000p_firmware | * |
| qualcomm | sa9000p | * |
| qualcomm | sg4150p_firmware | * |
| qualcomm | sg4150p | * |
| qualcomm | sg8275_firmware | * |
| qualcomm | sg8275 | * |
| qualcomm | sg8275p_firmware | * |
| qualcomm | sg8275p | * |
| qualcomm | sm7550_firmware | * |
| qualcomm | sm7550 | * |
| qualcomm | sm7550p_firmware | * |
| qualcomm | sm7550p | * |
| qualcomm | sm8550p_firmware | * |
| qualcomm | sm8550p | * |
| qualcomm | smart_audio_400_platform_firmware | * |
| qualcomm | smart_audio_400_platform | * |
| qualcomm | snapdragon_460_mobile_platform_firmware | * |
| qualcomm | snapdragon_460_mobile_platform | * |
| qualcomm | snapdragon_662_mobile_platform_firmware | * |
| qualcomm | snapdragon_662_mobile_platform | * |
| qualcomm | snapdragon_680_4g_mobile_platform_firmware | * |
| qualcomm | snapdragon_680_4g_mobile_platform | * |
| qualcomm | snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmware | * |
| qualcomm | snapdragon_685_4g_mobile_platform_\(sm6225-ad\) | * |
| qualcomm | snapdragon_8_gen_2_mobile_platform_firmware | * |
| qualcomm | snapdragon_8_gen_2_mobile_platform | * |
| qualcomm | snapdragon_8\+_gen_2_mobile_platform_firmware | * |
| qualcomm | snapdragon_8\+_gen_2_mobile_platform | * |
| qualcomm | snapdragon_auto_5g_modem-rf_gen_2_firmware | * |
| qualcomm | snapdragon_auto_5g_modem-rf_gen_2 | * |
| qualcomm | snapdragon_w5\+_gen_1_wearable_platform_firmware | * |
| qualcomm | snapdragon_w5\+_gen_1_wearable_platform | * |
| qualcomm | snapdragon_x32_5g_modem-rf_system_firmware | * |
| qualcomm | snapdragon_x32_5g_modem-rf_system | * |
| qualcomm | snapdragon_x35_5g_modem-rf_system_firmware | * |
| qualcomm | snapdragon_x35_5g_modem-rf_system | * |
| qualcomm | snapdragon_x72_5g_modem-rf_system_firmware | * |
| qualcomm | snapdragon_x72_5g_modem-rf_system | * |
| qualcomm | snapdragon_x75_5g_modem-rf_system_firmware | * |
| qualcomm | snapdragon_x75_5g_modem-rf_system | * |
| qualcomm | srv1h_firmware | * |
| qualcomm | srv1h | * |
| qualcomm | srv1m_firmware | * |
| qualcomm | srv1m | * |
| qualcomm | sw5100_firmware | * |
| qualcomm | sw5100 | * |
| qualcomm | sw5100p_firmware | * |
| qualcomm | sw5100p | * |
| qualcomm | wcd9335_firmware | * |
| qualcomm | wcd9335 | * |
| qualcomm | wcd9340_firmware | * |
| qualcomm | wcd9340 | * |
| qualcomm | wcd9370_firmware | * |
| qualcomm | wcd9370 | * |
| qualcomm | wcd9371_firmware | * |
| qualcomm | wcd9371 | * |
| qualcomm | wcd9375_firmware | * |
| qualcomm | wcd9375 | * |
| qualcomm | wcd9378_firmware | * |
| qualcomm | wcd9378 | * |
| qualcomm | wcd9380_firmware | * |
| qualcomm | wcd9380 | * |
| qualcomm | wcd9385_firmware | * |
| qualcomm | wcd9385 | * |
| qualcomm | wcd9390_firmware | * |
| qualcomm | wcd9390 | * |
| qualcomm | wcd9395_firmware | * |
| qualcomm | wcd9395 | * |
| qualcomm | wcn3910_firmware | * |
| qualcomm | wcn3910 | * |
| qualcomm | wcn3950_firmware | * |
| qualcomm | wcn3950 | * |
| qualcomm | wcn3980_firmware | * |
| qualcomm | wcn3980 | * |
| qualcomm | wcn3988_firmware | * |
| qualcomm | wcn3988 | * |
| qualcomm | wcn6650_firmware | * |
| qualcomm | wcn6650 | * |
| qualcomm | wcn6755_firmware | * |
| qualcomm | wcn6755 | * |
| qualcomm | wsa8810_firmware | * |
| qualcomm | wsa8810 | * |
| qualcomm | wsa8815_firmware | * |
| qualcomm | wsa8815 | * |
| qualcomm | wsa8830_firmware | * |
| qualcomm | wsa8830 | * |
| qualcomm | wsa8832_firmware | * |
| qualcomm | wsa8832 | * |
| qualcomm | wsa8835_firmware | * |
| qualcomm | wsa8835 | * |
| qualcomm | wsa8840_firmware | * |
| qualcomm | wsa8840 | * |
| qualcomm | wsa8845_firmware | * |
| qualcomm | wsa8845 | * |
| qualcomm | wsa8845h_firmware | * |
| qualcomm | wsa8845h | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
