CVE Alert: CVE-2025-47367 – Qualcomm, Inc. – Snapdragon
CVE-2025-47367
Memory corruption while accessing a buffer during IOCTL processing.
AI Summary Analysis
Risk verdict
High risk: a local attacker could abuse an IOCTL interface in the affected WinBlast driver to cause memory corruption, with potential for code execution and impact on device integrity and availability.
Why this matters
Memory corruption via a trusted driver at the kernel/user boundary is a classic high-impact path. The vulnerability requires local access and low privileges, but the impact on confidentiality, integrity, and availability is high, enabling potential escalation on Qualcomm Snapdragon-based devices used in mobile, embedded, and IoT deployments.
Most likely attack path
An attacker with local access targets the IOCTL entry points exposed by the WinBlast driver, supplying crafted input to trigger an out-of-bounds write. Exploitation does not require user interaction, and the low preconditions (local, low privileges) combined with a high-impact write can enable kernel-level control or crash the platform, with limited scope changes.
Who is most exposed
Snapdragon-based platforms in both compute and industrial IoT contexts; typical deployments include mobile/embedded devices and IoT gateways that rely on the affected driver stack.
Detection ideas
- Unexpected IOCTL call patterns or sizes to the WinBlast driver.
- Kernel memory corruption symptoms or crashes linked to IOCTL handling.
- Abnormal driver load/unload events or stack traces in crash dumps.
- Repeated IOCTL failures followed by a crash or service disruption.
- Unusual peripheral/device behaviour after driver IOCTL activity.
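One way to turn the first and fourth ideas into a correlation rule, as an added example that is not part of the original alert or any vendor tooling. The event schema, host names, thresholds and the size baseline are all assumptions; map them to whatever driver and crash telemetry your EDR or kernel tracing actually produces.

```python
from collections import defaultdict, deque

WINDOW_S = 60            # assumed look-back period before a crash, in seconds
MIN_SUSPECT = 3          # assumed number of suspect IOCTLs needed to alert
BASELINE_MAX_LEN = 4096  # assumed largest input size seen in normal operation

def correlate(events, driver="winblast"):
    """Return one alert per crash preceded by a burst of suspect IOCTLs.

    A suspect IOCTL is one that failed or whose input length exceeds the
    baseline. Crashes are matched by host only; narrow this to crashes whose
    stack names the driver if your crash telemetry carries that detail.
    """
    recent = defaultdict(deque)  # host -> timestamps of suspect IOCTLs
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        host, ts = ev["host"], ev["ts"]
        if ev["type"] == "ioctl" and ev.get("driver") == driver:
            if ev["status"] == "fail" or ev["in_len"] > BASELINE_MAX_LEN:
                recent[host].append(ts)
        elif ev["type"] == "crash":
            q = recent[host]
            while q and ts - q[0] > WINDOW_S:  # drop entries outside the window
                q.popleft()
            if len(q) >= MIN_SUSPECT:
                alerts.append({"host": host, "crash_ts": ts,
                               "suspect_ioctls": len(q),
                               "first_suspect_ts": q[0]})
            q.clear()  # do not count the same burst against a later crash
    return alerts

def _io(ts, host, status, in_len):
    return {"ts": ts, "host": host, "type": "ioctl", "driver": "winblast",
            "status": status, "in_len": in_len}

# Constructed sample telemetry (not real data).
SAMPLE = [
    _io(10, "gw-01", "ok", 64),
    _io(100, "gw-01", "fail", 70000),
    _io(105, "gw-01", "fail", 70000),
    _io(110, "gw-01", "ok", 9000),               # succeeded but oversized
    {"ts": 120, "host": "gw-01", "type": "crash"},
    _io(10, "gw-02", "fail", 32),
    {"ts": 500, "host": "gw-02", "type": "crash"},  # failure is outside window
    _io(200, "gw-03", "fail", 32),
    _io(210, "gw-03", "fail", 32),
    {"ts": 230, "host": "gw-03", "type": "crash"},  # below threshold
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```

Only gw-01 alerts on the sample data: three suspect IOCTLs fall inside the 60-second window before its crash, while gw-02 and gw-03 fail the window and threshold checks respectively.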
Mitigation and prioritisation
- Apply vendor patch or driver update when available; verify version against the official security bulletin.
- If patching is not immediately possible, restrict IOCTL access to trusted processes and enforce strict least-privilege policies.
- Isolate or temporarily disable the WinBlast driver where feasible; implement network/device segmentation to limit blast radius.
- Monitor for crash dumps, kernel exceptions, and IOCTL anomaly alerts; collect telemetry for rapid forensics.
- Coordinate with change-management to schedule firmware/driver updates and validate rollback plans.
