CVE-2025-47406
Information Disclosure in Qualcomm Chipset Drivers
Publication date: 2026-05-04
Last updated on: 2026-05-06
Assigner: Qualcomm, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qualcomm | cologne_firmware | * |
| qualcomm | fastconnect_6700_firmware | * |
| qualcomm | fastconnect_6900_firmware | * |
| qualcomm | fastconnect_7800_firmware | * |
| qualcomm | iqx5121_firmware | * |
| qualcomm | iqx7181_firmware | * |
| qualcomm | qca0000_firmware | * |
| qualcomm | qcm5430_firmware | * |
| qualcomm | qcm6490_firmware | * |
| qualcomm | video_collaboration_vc3_platform_firmware | * |
| qualcomm | sc8380xp_firmware | * |
| qualcomm | snapdragon_7c+_gen_3_compute_firmware | * |
| qualcomm | snapdragon_8cx_gen_3_compute_firmware | * |
| qualcomm | wcd9370_firmware | * |
| qualcomm | wcd9375_firmware | * |
| qualcomm | wcd9378c_firmware | * |
| qualcomm | wcd9380_firmware | * |
| qualcomm | wcd9385_firmware | * |
| qualcomm | wsa8830_firmware | * |
| qualcomm | wsa8835_firmware | * |
| qualcomm | wsa8840_firmware | * |
| qualcomm | wsa8845_firmware | * |
| qualcomm | wsa8845h_firmware | * |
| qualcomm | x2000077_firmware | * |
| qualcomm | x2000086_firmware | * |
| qualcomm | x2000090_firmware | * |
| qualcomm | x2000092_firmware | * |
| qualcomm | x2000094_firmware | * |
| qualcomm | xg101002_firmware | * |
| qualcomm | xg101032_firmware | * |
| qualcomm | xg101039_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves information disclosure that occurs when IOCTL handler callbacks process data without verifying the size of the buffer. Essentially, the system does not properly check the buffer size during these operations, which can lead to unintended exposure of sensitive information.
How can this vulnerability impact me? :
The impact of this vulnerability is primarily information disclosure. An attacker with limited privileges could exploit this flaw to gain access to sensitive information that should otherwise be protected. This could lead to confidentiality breaches and potential misuse of exposed data.