CVE-2025-47359
Unknown Unknown - Not Provided

Memory Corruption in Qualcomm API from Concurrent Free Calls

Vulnerability report for CVE-2025-47359, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-02

Last updated on: 2026-02-11

Assigner: Qualcomm, Inc.

Description

Memory Corruption when multiple threads simultaneously access a memory free API.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-02
Last Modified
2026-02-11
Generated
2026-07-06
AI Q&A
2026-02-02
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 37 associated CPEs
Vendor Product Version / Range
qualcomm qca6391_firmware *
qualcomm qca6420_firmware *
qualcomm qca6430_firmware *
qualcomm qcc2072_firmware *
qualcomm sc8380xp_firmware *
qualcomm sc8180x-ad_firmware *
qualcomm sc8180xp-ad_firmware *
qualcomm sc8180x-aaab_firmware *
qualcomm sc8180xp-acaf_firmware *
qualcomm sc8180x-acaf_firmware *
qualcomm sc8180xp-aaab_firmware *
qualcomm sc8280xp-abbb_firmware *
qualcomm wcd9340_firmware *
qualcomm wcd9341_firmware *
qualcomm wcd9378c_firmware *
qualcomm wcd9380_firmware *
qualcomm wcd9385_firmware *
qualcomm wsa8810_firmware *
qualcomm wsa8815_firmware *
qualcomm wsa8830_firmware *
qualcomm wsa8835_firmware *
qualcomm wsa8840_firmware *
qualcomm wsa8845_firmware *
qualcomm wsa8845h_firmware *
qualcomm x2000077_firmware *
qualcomm x2000086_firmware *
qualcomm x2000090_firmware *
qualcomm x2000092_firmware *
qualcomm x2000094_firmware *
qualcomm xg101002_firmware *
qualcomm xg101032_firmware *
qualcomm xg101039_firmware *
qualcomm aqt1000_firmware *
qualcomm fastconnect_6200_firmware *
qualcomm fastconnect_6800_firmware *
qualcomm fastconnect_6900_firmware *
qualcomm fastconnect_7800_firmware *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a memory corruption issue that occurs when multiple threads simultaneously access a memory free API, potentially leading to unsafe memory operations.

Impact Analysis

The vulnerability can lead to high impact on confidentiality, integrity, and availability of the affected system, as indicated by the CVSS score, potentially causing crashes, data corruption, or unauthorized data access.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-47359. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart