CVE Alert: CVE-2025-47342 – Qualcomm, Inc. – Snapdragon

CVE-2025-47342

HIGH · No exploitation known

Transient DOS may occur when multi-profile concurrency arises with QHS enabled.

CVSS v3.1 (7.1)
AV NETWORK · AC LOW · PR LOW · UI NONE · S UNCHANGED
Vendor
Qualcomm, Inc.
Product
Snapdragon
Versions
QCC5161 | QCC7225 | QCC7226 | QCC7228 | S3 Gen 2 Sound Platform | S3 Sound Platform | S5 Gen 2 Sound Platform | S5 Sound Platform
CWE
CWE-416 Use After Free
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Published
2025-10-09T03:18:10.744Z
Updated
2025-10-09T16:07:32.297Z

AI Summary Analysis

1) Risk verdict

High risk of remote transient denial-of-service on Snapdragon BT controller platforms, driven by a network-accessible vector with low privileges and no user interaction; exploitation indicators in the current data are not confirmed.

2) Why this matters

A DoS that disrupts Bluetooth controller operations can affect voice/multi-profile features and overall device usability, impacting customer experience and support costs. In environments with multi-profile concurrency enabled (QHS), the window for triggering instability increases, potentially affecting multiple services simultaneously.

3) Most likely attack path

An attacker could trigger the issue remotely over the network, exploiting the use-after-free in the BT controller during concurrent multi-profile operations. The vulnerability’s CVSS metrics indicate network access with low privileges and no user interaction, with high availability impact and unchanged scope. Lateral movement beyond the affected device is unlikely because the scope is unchanged.

4) Who is most exposed

Devices employing Qualcomm Snapdragon BT controller components, particularly mobile devices, wearables, and IoT products that support multi-profile concurrency with QHS enabled, are most at risk. Organisations deploying consumer devices or enterprise endpoints with these stack characteristics should monitor.

5) Detection ideas

  • Sudden, repeated device reboots or watchdog resets tied to Bluetooth services.
  • Crash logs or memory-related fault dumps referencing BT controller use-after-free.
  • Unusual spikes in network attempts or abnormal BT management traffic.
  • Short-lived service outages correlating with multi-profile activity.

6) Mitigation and prioritisation

  • Apply vendor-supplied firmware/driver patches promptly; if KEV or EPSS indicate higher risk, escalate to priority 1.
  • Where feasible, disable or limit multi-profile concurrency (QHS) and tighten BT service controls.
  • Implement watchdogs and strict restart policies for the BT stack; enable anomaly detection on memory faults.
  • Deploy compensating controls: restrict remote management access to affected components; validate SBOM and monitor for new advisories.
  • Change-management: test patch in staging before wide rollout; keep stakeholders apprised of remediation status.
