CVE-2025-47408

High

Published: 04 May 2026

Published

04 May 2026

Modified

04 May 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0001 3.2th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Memory corruption when another driver calls an IOCTL with invalid input/output buffer.

Security SummaryAI

CVE-2025-47408 is a memory corruption vulnerability (CWE-822: Untrusted Pointer Dereference) triggered when another driver issues an IOCTL call with invalid input or output buffers. It affects components in Qualcomm products, as documented in the vendor's security bulletin.

The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it can be exploited by a local attacker with low privileges. Exploitation requires low complexity and no user interaction, allowing the attacker to achieve high impacts on confidentiality, integrity, and availability through memory corruption.

Qualcomm's May 2026 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html provides details on affected products and recommended mitigations or patches.

Details

CWE(s): CWE-822

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html
product-security@qualcomm.com