CVE-2025-47400
Buffer Overflow in Qualcomm Crypto Module Risks Data Corruption
Publication date: 2026-04-06
Last updated on: 2026-04-08
Assigner: Qualcomm, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qualcomm | pandeiro_firmware | * |
| qualcomm | snapdragon_8_elite_gen_5_firmware | * |
| qualcomm | sw6100_firmware | * |
| qualcomm | sw6100p_firmware | * |
| qualcomm | themisto_firmware | * |
| qualcomm | wcd9395_firmware | * |
| qualcomm | wcn7860_firmware | * |
| qualcomm | wcn7861_firmware | * |
| qualcomm | wsa8840_firmware | * |
| qualcomm | wsa8845_firmware | * |
| qualcomm | wsa8845h_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cryptographic issue that occurs when data is copied to a destination buffer without validating the size of that buffer. This means that the process does not check if the buffer is large enough to hold the data being copied, which can lead to problems such as buffer overflows.
How can this vulnerability impact me? :
The vulnerability can have a significant impact because it allows unauthorized access or modification of sensitive data. According to the CVSS score, it has a high impact on confidentiality and integrity, meaning attackers could potentially read or alter sensitive information. However, it requires local access with low privileges and no user interaction.