CVSS 7.8 · HIGH
CVE-2025-47408
Memory corruption when another driver calls an IOCTL with invalid input/output buffer.
Ver en NVDAnálisis
This memory corruption vulnerability affects Qualcomm FastConnect firmware used in many mobile devices and laptops. While rated high severity, it involves a local driver interaction via IOCTL, meaning it is likely used for privilege escalation rather than remote attacks. It is handled by standard OEM security updates and does not directly impact web or backend development practices.
Severidad
Puntaje: 7.8(HIGH)
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HAV: LOCAL
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE):
CWE-822CWE-119EPSS
Probabilidad de explotación (próx. 30 días): 0.0001 (0.0%)
Percentil: 3.2%
EPSS: 2026-05-06
Afecta
qualcomm:fastconnect_6200_firmwarequalcomm:fastconnect_6200qualcomm:fastconnect_6900_firmwarequalcomm:fastconnect_6900qualcomm:fastconnect_7800_firmwarequalcomm:fastconnect_7800qualcomm:iqx5121_firmwarequalcomm:iqx5121qualcomm:iqx7181_firmwarequalcomm:iqx7181qualcomm:qca0000_firmwarequalcomm:qca0000qualcomm:sc8380xp_firmwarequalcomm:sc8380xpqualcomm:sd865_5g_firmwarequalcomm:sd865_5gqualcomm:sm6250_firmwarequalcomm:sm6250qualcomm:snapdragon_7c_compute_firmwarequalcomm:snapdragon_7c_computequalcomm:snapdragon_7c_gen_2_compute_firmwarequalcomm:snapdragon_7c_gen_2_computequalcomm:snapdragon_xr2_5g_firmwarequalcomm:snapdragon_xr2_5gqualcomm:snapdragon_xr2\+_gen_1_firmwarequalcomm:snapdragon_xr2\+_gen_1qualcomm:wcd9380_firmwarequalcomm:wcd9380qualcomm:wcd9385_firmwarequalcomm:wcd9385qualcomm:wsa8810_firmwarequalcomm:wsa8810qualcomm:wsa8815_firmwarequalcomm:wsa8815qualcomm:wsa8840_firmwarequalcomm:wsa8840qualcomm:wsa8845_firmwarequalcomm:wsa8845qualcomm:wsa8845h_firmwarequalcomm:wsa8845hDescripción técnica
Memory corruption when another driver calls an IOCTL with invalid input/output buffer.
Publicada: 4/5/2026, 17:16:21
Última modificación: 6/5/2026, 18:03:00