CVE Field Guide
About Us
CVE-2025-47408
PUBLISHED
Untrusted Pointer Dereference in Power Optimization Firmware
Assigner:
qualcomm
Reserved:
06.05.2025
Published:
04.05.2026
Updated:
05.05.2026
Memory corruption when another driver calls an IOCTL with invalid input/output buffer.
Metrics
CVSS 3.1
CVSS Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score:
7.8
CVSS score
7.8
Attack Vector
Local
Scope
Unchanged
Attack Complexity
Low
Confidentiality Impact
High
Privileges Required
Low
Integrity Impact
High
User Interaction
None
Availability Impact
High
CVSS 3.1
Product Status
Vendor
Qualcomm, Inc.
Product
Snapdragon
Versions
Default:
unaffected
Version FastConnect 6200 is affected
Version FastConnect 6900 is affected
Version FastConnect 7800 is affected
Version IQX5121 is affected
Version IQX7181 is affected
Version QCA0000 is affected
Version SC8380XP is affected
Version SD865 5G is affected
Version SM6250 is affected
Version Snapdragon 7c Compute Platform is affected
Version Snapdragon 7c Gen 2 Compute Platform "Rennell Pro" is affected
Version Snapdragon XR2 5G Platform is affected
Version Snapdragon XR2+ Gen 1 Platform is affected
Version WCD9380 is affected
Version WCD9385 is affected
Version WSA8810 is affected
Version WSA8815 is affected
Version WSA8840 is affected
Version WSA8845 is affected
Version WSA8845H is affected
References
https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html
Problem Types
CWE-822 Untrusted Pointer Dereference
CWE