Vulnerabilities ›

CVE-2025-47399

High

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.

CWE-120 — Weakness Type

                    Published: Feb 2, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.

🤖 AI Executive Summary

CVE-2025-47399 is a memory corruption vulnerability in IOCTL call processing for sensor property updates that occurs when invalid input parameters are provided. This high-severity flaw (CVSS 7.8) could allow attackers to crash systems or potentially execute arbitrary code.

📄 Description (Arabic)

يؤثر هذا الثغرة على معالجات IOCTL المسؤولة عن تحديث إعدادات المستشعرات عند تمرير معاملات إدخال غير صحيحة. يمكن للمهاجمين استغلال هذا الخلل لتجاوز حدود الذاكرة وتنفيذ أكواد ضارة أو إيقاف الخدمات. التأثير محتمل على الأنظمة المدمجة والأجهزة الصناعية.

🤖 ملخص تنفيذي (AI)

CVE-2025-47399 is a memory corruption vulnerability affecting IOCTL sensor property update operations with invalid parameters. Attackers could exploit this to cause denial of service or potentially achieve code execution on affected systems.

🤖 AI Intelligence Analysis Analyzed: May 1, 2026 20:33

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

energy government healthcare telecom

🎯 MITRE ATT&CK Techniques

T1190 T1203 T1499

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Apply vendor security patches immediately. Implement input validation and bounds checking for all IOCTL calls. Deploy kernel-level protections such as ASLR and DEP. Monitor systems for exploitation attempts. Restrict IOCTL access to privileged users only.

🔧 خطوات المعالجة (العربية)

طبق تصحيحات الأمان من المورد فوراً. نفذ التحقق من صحة المدخلات والتحقق من الحدود لجميع استدعاءات IOCTL. استخدم حماية على مستوى النواة مثل ASLR و DEP. راقب محاولات الاستغلال. قيد الوصول إلى IOCTL للمستخدمين المميزين فقط.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC-4.1 ECC-4.2 ECC-5.1

🔵 SAMA CSF

ID.RA-1 PR.IP-1 PR.IP-12

🟡 ISO 27001:2022

A.12.2.1 A.12.6.1 A.14.2.1

🔗 References & Sources 1

🔗

https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bullet...

product-security@qualcomm.com

Vendor Advisory

📦 Affected Products / CPE 14 entries

qualcomm:cologne_firmware:-

qualcomm:fastconnect_7800_firmware:-

qualcomm:wcd9378c_firmware:-

qualcomm:wsa8840_firmware:-

qualcomm:wsa8845_firmware:-

qualcomm:wsa8845h_firmware:-

qualcomm:x2000077_firmware:-

qualcomm:x2000086_firmware:-

qualcomm:x2000090_firmware:-

qualcomm:x2000092_firmware:-

qualcomm:x2000094_firmware:-

qualcomm:xg101002_firmware:-

qualcomm:xg101032_firmware:-

qualcomm:xg101039_firmware:-

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-120

EPSS0.01%

Exploit No

Patch ✓ Yes

Published 2026-02-02

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-120

🏢 Vendor Advisories

🔗 https://docs.qualcomm.com/product/publicresources/se...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2025-47399

💬 Comments

Introduce Yourself

Sign In Required