Untrusted Pointer Dereference in Power Optimization Firmware_CVE-2025-47408

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Memory corruption when another driver calls an IOCTL with invalid input/output buffer.

Basic Information

ID CVE-2025-47408

Source qualcomm

Published May 4, 2026 at 16:43

Affected Product

Vendor Qualcomm, Inc.

Product Snapdragon

Version FastConnect 6200

Affected Versions Qualcomm, Inc. Snapdragon FastConnect 6200
Qualcomm, Inc. Snapdragon FastConnect 6900
Qualcomm, Inc. Snapdragon FastConnect 7800
Qualcomm, Inc. Snapdragon IQX5121
Qualcomm, Inc. Snapdragon IQX7181
Qualcomm, Inc. Snapdragon QCA0000
Qualcomm, Inc. Snapdragon SC8380XP
Qualcomm, Inc. Snapdragon SD865 5G
Qualcomm, Inc. Snapdragon SM6250
Qualcomm, Inc. Snapdragon Snapdragon 7c Compute Platform
Qualcomm, Inc. Snapdragon Snapdragon 7c Gen 2 Compute Platform "Rennell Pro"
Qualcomm, Inc. Snapdragon Snapdragon XR2 5G Platform
Qualcomm, Inc. Snapdragon Snapdragon XR2+ Gen 1 Platform
Qualcomm, Inc. Snapdragon WCD9380
Qualcomm, Inc. Snapdragon WCD9385
Qualcomm, Inc. Snapdragon WSA8810
Qualcomm, Inc. Snapdragon WSA8815
Qualcomm, Inc. Snapdragon WSA8840
Qualcomm, Inc. Snapdragon WSA8845
Qualcomm, Inc. Snapdragon WSA8845H

CWE Classification

CWE-822

References

docs.qualcomm.com /product/publicresources/securitybulletin/may-2026-bulletin.html

{
    "lastseen": "",
    "description": "Memory corruption when another driver calls an IOCTL with invalid input/output buffer.",
    "published": "2026-05-04T16:43:14.541Z",
    "modified": "2026-05-04T16:43:14.541Z",
    "type": "cve",
    "title": "Untrusted Pointer Dereference in Power Optimization Firmware",
    "source": "qualcomm",
    "references": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html",
    "id": "CVE-2025-47408",
    "bulletinFamily": "",
    "cwe": [
        "CWE-822"
    ],
    "cvelist": null,
    "sourceData": "Qualcomm, Inc. Snapdragon FastConnect 6200\nQualcomm, Inc. Snapdragon FastConnect 6900\nQualcomm, Inc. Snapdragon FastConnect 7800\nQualcomm, Inc. Snapdragon IQX5121\nQualcomm, Inc. Snapdragon IQX7181\nQualcomm, Inc. Snapdragon QCA0000\nQualcomm, Inc. Snapdragon SC8380XP\nQualcomm, Inc. Snapdragon SD865 5G\nQualcomm, Inc. Snapdragon SM6250\nQualcomm, Inc. Snapdragon Snapdragon 7c Compute Platform\nQualcomm, Inc. Snapdragon Snapdragon 7c Gen 2 Compute Platform \"Rennell Pro\"\nQualcomm, Inc. Snapdragon Snapdragon XR2 5G Platform\nQualcomm, Inc. Snapdragon Snapdragon XR2+ Gen 1 Platform\nQualcomm, Inc. Snapdragon WCD9380\nQualcomm, Inc. Snapdragon WCD9385\nQualcomm, Inc. Snapdragon WSA8810\nQualcomm, Inc. Snapdragon WSA8815\nQualcomm, Inc. Snapdragon WSA8840\nQualcomm, Inc. Snapdragon WSA8845\nQualcomm, Inc. Snapdragon WSA8845H",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Snapdragon",
    "version": "FastConnect 6200",
    "vendor": "Qualcomm, Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}