CVE Alert: CVE-2025-47368 – Qualcomm, Inc. – Snapdragon
CVE-2025-47368
Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing.
AI Summary Analysis
Risk verdict
High risk of local, low-privilege memory corruption in the Qualcomm DSP service, with potential full device compromise if weaponised; urgency depends on KEV/SSVC exploitation status and EPSS indicator.
Why this matters
The vulnerability affects all three core security objectives (confidentiality, integrity, availability) with high impact and requires no user interaction. An attacker with local access could extract sensitive memory, corrupt execution, or disrupt DSP-enabled workflows, potentially affecting enterprise devices, consumer mobiles, and IoT gateways relying on Snapdragon compute.
Most likely attack path
Exploitation requires a local attacker able to call the MCDM IOCTL interface with crafted buffers. Given low attack complexity and only low privileges required, an attacker who already controls a low-privileged local process could achieve arbitrary code execution or memory disclosure, with scope remaining unchanged. Post-exploitation could enable broader access to trusted DSP resources, depending on what the DSP service can touch on the host.
Who is most exposed
Devices employing Snapdragon compute with exposed DSP service interfaces are at risk—mobile devices, wearables, and certain IoT/embedded platforms that expose IOCTL-based DSP controls.
Detection ideas
- Crashes or instability in the DSP service tied to MCDM IOCTL handling.
- Memory corruption or crash dumps indicating invalid userspace address dereference.
- Unusual, frequent MCDM IOCTL calls from local processes.
- Kernel or driver traces showing buffer over-read patterns.
- Reproducing PoC-like IOCTL sequences in a controlled environment (with monitoring).
Mitigation and prioritisation
- Apply vendor firmware/driver updates to address the DSP memory corruption.
- Treat as priority 1 if KEV is true or EPSS ≥ 0.5; otherwise maintain high-priority remediation.
- Restrict or tightly control access to the MCDM IOCTL interface; enforce least privilege for DSP clients.
- Implement input validation and bounds checking within the IOCTL handling paths; consider temporary disablement of affected IOCTLs if feasible.
- Coordinate remediation with device manufacturers and perform regression testing in a staged change-management plan.
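The third mitigation bullet (input validation and bounds checking in the IOCTL path) is the one a driver maintainer can act on directly. The following is an added example, not Qualcomm's MCDM driver code nor anything from the advisory: a constructed user-space model of the two checks a kernel IOCTL handler must make before it touches a caller-supplied buffer, namely address-range validation (the role played by access_ok()/copy_from_user() in Linux) and bounding of the caller-controlled length. The names mcdm_like_ioctl, req_hdr, user_mem, MAX_REQ_LEN and the request layout are hypothetical, and the simulated mapping stands in for the real user address space so the checks can run offline. It generalizes the bullet slightly by also covering the integer-wrap case a naive pointer-plus-length comparison misses.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed user-space model of the checks an IOCTL handler must make before
 * it touches a caller-supplied buffer. None of this is Qualcomm's MCDM driver
 * code; every name here (mcdm_like_ioctl, req_hdr, user_mem) is hypothetical. */

/* Upper bound on a single request payload (assumed policy value). */
#define MAX_REQ_LEN 4096u

/* Simulated user mapping: the only range a caller-supplied pointer may cover. */
static uint8_t user_mem[8192];

/* Model of access_ok(): [uaddr, uaddr + len) must lie inside the user mapping.
 * Comparing uaddr against (hi - len) instead of computing uaddr + len avoids
 * the integer wrap that lets a huge pointer/length pair pass a naive check. */
static int range_ok(uintptr_t uaddr, size_t len)
{
    uintptr_t lo = (uintptr_t)user_mem;
    uintptr_t hi = lo + sizeof user_mem;

    if (len > hi - lo)
        return 0;               /* longer than the whole mapping */
    if (uaddr < lo || uaddr > hi - len)
        return 0;               /* starts outside, or runs past the end */
    return 1;
}

/* Model of copy_from_user(): validate the range, then copy. The kernel version
 * additionally survives faults on unmapped pages; here validation is the guard. */
static int checked_copy_from_user(void *dst, uintptr_t uaddr, size_t len)
{
    if (!range_ok(uaddr, len))
        return -EFAULT;
    memcpy(dst, (const void *)uaddr, len);
    return 0;
}

/* Hypothetical request layout: a fixed header followed by hdr.len payload bytes. */
struct req_hdr {
    uint32_t len;
    uint32_t cmd;
};

/* Hypothetical IOCTL handler. The header is copied in first; the caller-controlled
 * hdr.len is then bounded against both the policy maximum and the destination
 * buffer before the payload copy, so neither copy dereferences an unchecked address. */
static int mcdm_like_ioctl(uintptr_t uarg, uint8_t *out, size_t out_cap, size_t *out_len)
{
    struct req_hdr hdr;

    if (checked_copy_from_user(&hdr, uarg, sizeof hdr))
        return -EFAULT;
    if (hdr.len == 0 || hdr.len > MAX_REQ_LEN || hdr.len > out_cap)
        return -EINVAL;
    if (checked_copy_from_user(out, uarg + sizeof hdr, hdr.len))
        return -EFAULT;
    *out_len = hdr.len;
    return 0;
}

/* Test helper: write a header (and optional payload) into the simulated user
 * mapping at the given offset and return its "user" address. */
static uintptr_t place_request(size_t off, uint32_t len, const char *payload)
{
    struct req_hdr hdr = { len, 1 };

    memcpy(user_mem + off, &hdr, sizeof hdr);
    if (payload)
        memcpy(user_mem + off + sizeof hdr, payload, strlen(payload));
    return (uintptr_t)(user_mem + off);
}

static uint8_t scratch[64];

/* Drive one request through the handler: returns the payload length copied into
 * scratch on success, or a negative errno value. */
static int handle_request(uintptr_t uarg)
{
    size_t n = 0;
    int rc = mcdm_like_ioctl(uarg, scratch, sizeof scratch, &n);

    return rc ? rc : (int)n;
}

int main(void)
{
    printf("valid request       -> %d\n", handle_request(place_request(0, 5, "hello")));
    printf("pointer outside map -> %d\n", handle_request((uintptr_t)user_mem - 4096));
    printf("wrapping pointer    -> %d\n", handle_request(UINTPTR_MAX - 2));
    printf("payload past end    -> %d\n",
           handle_request(place_request(sizeof user_mem - sizeof(struct req_hdr), 16, NULL)));
    printf("oversized length    -> %d\n", handle_request(place_request(0, 100000, NULL)));
    return 0;
}
```

The design point is that the handler never reads through a user pointer directly: every read goes through the validated copy, and the length used for the second read is checked after it has been copied in, not before, because the caller can change the user buffer between two reads of it. A real driver would use the kernel's own access_ok()/copy_from_user() rather than this model, but the order of checks is the same.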
