CVE-2025-47408
published 2026-05-04CVE-2025-47408: Memory corruption when another driver calls an IOCTL with invalid input/output buffer.
PriorityP343high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.07%
0.1th percentile
Memory corruption when another driver calls an IOCTL with invalid input/output buffer.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Qualcomm Snapdragon Compute/Snapdragon Industrial IOT FastConnect 6200 up to WSA8845 Driver Call untrusted pointer dereference
vuldb·2026-05-04·CVSS 7.8
CVE-2025-47408 [HIGH] Qualcomm Snapdragon Compute/Snapdragon Industrial IOT FastConnect 6200 up to WSA8845 Driver Call untrusted pointer dereference
A vulnerability has been found in Qualcomm Snapdragon Compute and Snapdragon Industrial IOT and classified as critical. Affected is an unknown function of the component Driver Call Handler. This manipulation causes untrusted pointer dereference.
This vulnerability appears as CVE-2025-47408. The attack requires local access. There is no available exploit.
The affected component should be upgraded.
GHSA
GHSA-69pf-vh76-jm4w: Memory corruption when another driver calls an IOCTL with invalid input/output buffer
ghsa_unreviewed·2026-05-04
CVE-2025-47408 [HIGH] CWE-119 GHSA-69pf-vh76-jm4w: Memory corruption when another driver calls an IOCTL with invalid input/output buffer
Memory corruption when another driver calls an IOCTL with invalid input/output buffer.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-04
Published