Buffer Copy Without Checking Size of Input in Boot

9 / 10

CRITICAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Description

Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.

AI Analysis

Memory corruption vulnerability due to buffer copy without checking size of input in boot process

Basic Information

ID CVE-2025-47372

Source qualcomm

Published Dec 18, 2025 at 05:29

Affected Product

Vendor Qualcomm, Inc.

Product Snapdragon

Version QAM8255P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6595, QCA6595AU, QCA6678AQ, QCA6696, QCA6698AQ, QCA6797AQ, SA7255P, SA7775P, SA8255P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SRV1H, SRV1L, SRV1M

Affected Versions Qualcomm, Inc. Snapdragon QAM8255P
Qualcomm, Inc. Snapdragon QAM8620P
Qualcomm, Inc. Snapdragon QAM8650P
Qualcomm, Inc. Snapdragon QAM8775P
Qualcomm, Inc. Snapdragon QAMSRV1H
Qualcomm, Inc. Snapdragon QAMSRV1M
Qualcomm, Inc. Snapdragon QCA6595
Qualcomm, Inc. Snapdragon QCA6595AU
Qualcomm, Inc. Snapdragon QCA6678AQ
Qualcomm, Inc. Snapdragon QCA6696
Qualcomm, Inc. Snapdragon QCA6698AQ
Qualcomm, Inc. Snapdragon QCA6797AQ
Qualcomm, Inc. Snapdragon SA7255P
Qualcomm, Inc. Snapdragon SA7775P
Qualcomm, Inc. Snapdragon SA8255P
Qualcomm, Inc. Snapdragon SA8620P
Qualcomm, Inc. Snapdragon SA8650P
Qualcomm, Inc. Snapdragon SA8770P
Qualcomm, Inc. Snapdragon SA8775P
Qualcomm, Inc. Snapdragon SA9000P
Qualcomm, Inc. Snapdragon SRV1H
Qualcomm, Inc. Snapdragon SRV1L
Qualcomm, Inc. Snapdragon SRV1M

CWE Classification

CWE-120

AI Assessment

AI Score 9 / 10

AI Severity Critical

Vendor Qualcomm

Product Snapdragon

References

docs.qualcomm.com /product/publicresources/securitybulletin/december-2025-bulletin.html

{
    "lastseen": "",
    "description": "Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.",
    "published": "2025-12-18T05:29:10.324Z",
    "modified": "2025-12-18T05:29:10.324Z",
    "type": "cve",
    "title": "Buffer Copy Without Checking Size of Input in Boot",
    "source": "qualcomm",
    "references": "https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html",
    "id": "CVE-2025-47372",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120"
    ],
    "cvelist": null,
    "sourceData": "Qualcomm, Inc. Snapdragon QAM8255P\nQualcomm, Inc. Snapdragon QAM8620P\nQualcomm, Inc. Snapdragon QAM8650P\nQualcomm, Inc. Snapdragon QAM8775P\nQualcomm, Inc. Snapdragon QAMSRV1H\nQualcomm, Inc. Snapdragon QAMSRV1M\nQualcomm, Inc. Snapdragon QCA6595\nQualcomm, Inc. Snapdragon QCA6595AU\nQualcomm, Inc. Snapdragon QCA6678AQ\nQualcomm, Inc. Snapdragon QCA6696\nQualcomm, Inc. Snapdragon QCA6698AQ\nQualcomm, Inc. Snapdragon QCA6797AQ\nQualcomm, Inc. Snapdragon SA7255P\nQualcomm, Inc. Snapdragon SA7775P\nQualcomm, Inc. Snapdragon SA8255P\nQualcomm, Inc. Snapdragon SA8620P\nQualcomm, Inc. Snapdragon SA8650P\nQualcomm, Inc. Snapdragon SA8770P\nQualcomm, Inc. Snapdragon SA8775P\nQualcomm, Inc. Snapdragon SA9000P\nQualcomm, Inc. Snapdragon SRV1H\nQualcomm, Inc. Snapdragon SRV1L\nQualcomm, Inc. Snapdragon SRV1M",
    "sourceHref": "",
    "cvss": {
        "score": 9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Snapdragon",
    "version": "QAM8255P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6595, QCA6595AU, QCA6678AQ, QCA6696, QCA6698AQ, QCA6797AQ, SA7255P, SA7775P, SA8255P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SRV1H, SRV1L, SRV1M",
    "vendor": "Qualcomm, Inc.",
    "ai_description": "Memory corruption vulnerability due to buffer copy without checking size of input in boot process",
    "ai_severity": "Critical",
    "ai_vendor": "Qualcomm",
    "ai_product": "Snapdragon",
    "ai_version": "QAM8255P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6595, QCA6595AU, QCA6678AQ, QCA6696, QCA6698AQ, QCA6797AQ, SA7255P, SA7775P, SA8255P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SRV1H, SRV1L, SRV1M",
    "ai_score": 9
}

Buffer Copy Without Checking Size of Input in Boot_CVE-2025-47372