CVE-2025-47319Exposure of Sensitive System Information to an Unauthorized Control Sphere in INC Snapdragon

CWE-497Exposure of Sensitive System Information to an Unauthorized Control Sphere6 documents4 sources
Severity
6.7MEDIUMNVD
OSV5.5
EPSS
0.0%
top 96.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelQualcomm INC SnapdragonGoogle Android
Timeline
PublishedDec 18

Description

Information disclosure while exposing internal TA-to-TA communication APIs to HLOS

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:NExploitability: 1.5 | Impact: 4.7

Affected Packages3 packages

Ubuntulinux/linux_kernel< 4.4.0-273.307
CVEListV5qualcomm_inc/snapdragon118 versions+117

🔴Vulnerability Details

4
GHSA
GHSA-v8xj-9mr9-jmpq: Information disclosure while exposing internal TA-to-TA communication APIs to HLOS2025-12-18
OSV
linux-aws vulnerabilities2025-10-21
OSV
linux-aws, linux-lts-xenial vulnerabilities2025-10-02
OSV
linux, linux-kvm vulnerabilities2025-10-02

📋Vendor Advisories

1
Android
CVE-2025-47319: Closed-source component2025-12-01