Buffer Over-read in DSP Service_CVE-2025-47368

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing.

Basic Information

ID CVE-2025-47368

Source qualcomm

Published Nov 4, 2025 at 03:19

Modified Nov 4, 2025 at 04:55

Affected Product

Vendor Qualcomm, Inc.

Product Snapdragon

Version FastConnect 6900

Affected Versions Qualcomm, Inc. Snapdragon FastConnect 6900
Qualcomm, Inc. Snapdragon FastConnect 7800
Qualcomm, Inc. Snapdragon SC8380XP
Qualcomm, Inc. Snapdragon WCD9380
Qualcomm, Inc. Snapdragon WCD9385
Qualcomm, Inc. Snapdragon WSA8840
Qualcomm, Inc. Snapdragon WSA8845
Qualcomm, Inc. Snapdragon WSA8845H

CWE Classification

CWE-126

References

docs.qualcomm.com /product/publicresources/securitybulletin/november-2025-bulletin.html

{
    "lastseen": "",
    "description": "Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing.",
    "published": "2025-11-04T03:19:24.982Z",
    "modified": "2025-11-04T04:55:28.154Z",
    "type": "cve",
    "title": "Buffer Over-read in DSP Service",
    "source": "qualcomm",
    "references": "https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html",
    "id": "CVE-2025-47368",
    "bulletinFamily": "",
    "cwe": [
        "CWE-126"
    ],
    "cvelist": null,
    "sourceData": "Qualcomm, Inc. Snapdragon FastConnect 6900\nQualcomm, Inc. Snapdragon FastConnect 7800\nQualcomm, Inc. Snapdragon SC8380XP\nQualcomm, Inc. Snapdragon WCD9380\nQualcomm, Inc. Snapdragon WCD9385\nQualcomm, Inc. Snapdragon WSA8840\nQualcomm, Inc. Snapdragon WSA8845\nQualcomm, Inc. Snapdragon WSA8845H",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Snapdragon",
    "version": "FastConnect 6900",
    "vendor": "Qualcomm, Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}