CVE-2025-47407
Published: 04 May 2026
Description
Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Timestamps meeting UTC or offset standards help identify TOCTOU issues through precise chronological reconstruction of check/use operations.
Security SummaryAI
CVE-2025-47407 is a memory corruption vulnerability that occurs while creating a process on the digital signal processor due to allocation failure at the kernel level. It is associated with CWE-367 and affects Qualcomm components, as documented in their security bulletin. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with significant impacts on confidentiality, integrity, and availability.
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation leads to memory corruption, enabling high-level impacts such as unauthorized data access, modification, or denial of service on the affected DSP kernel.
Qualcomm's May 2026 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html details the vulnerability, including affected products and recommended mitigations or patches. Security practitioners should consult this advisory for specific remediation guidance.
Details
- CWE(s)