CVE-2025-47408
Awaiting Analysis Awaiting Analysis - Queue

Memory Corruption in Qualcomm Chipset Driver

Vulnerability report for CVE-2025-47408, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-04

Last updated on: 2026-05-06

Assigner: Qualcomm, Inc.

Description

Memory corruption when another driver calls an IOCTL with invalid input/output buffer.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-04
Last Modified
2026-05-06
Generated
2026-07-06
AI Q&A
2026-05-05
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 20 associated CPEs
Vendor Product Version / Range
qualcomm fastconnect_6200_firmware *
qualcomm fastconnect_6900_firmware *
qualcomm fastconnect_7800_firmware *
qualcomm iqx5121_firmware *
qualcomm iqx7181_firmware *
qualcomm qca0000_firmware *
qualcomm sc8380xp_firmware *
qualcomm sd865_5g_firmware *
qualcomm sm6250_firmware *
qualcomm snapdragon_7c_compute_firmware *
qualcomm snapdragon_7c_gen_2_compute_firmware *
qualcomm snapdragon_xr2_5g_firmware *
qualcomm snapdragon_xr2+_gen_1_firmware *
qualcomm wcd9380_firmware *
qualcomm wcd9385_firmware *
qualcomm wsa8810_firmware *
qualcomm wsa8815_firmware *
qualcomm wsa8840_firmware *
qualcomm wsa8845_firmware *
qualcomm wsa8845h_firmware *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-822 The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves memory corruption that occurs when a driver receives an IOCTL (Input Output Control) call with invalid input or output buffer parameters from another driver.

Impact Analysis

The vulnerability can lead to serious impacts including high confidentiality, integrity, and availability risks. This means an attacker with limited privileges could exploit this flaw to corrupt memory, potentially causing system crashes, unauthorized data access, or modification.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-47408. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart