Vulnerabilities ›

CVE-2025-47408

High

CWE-822 — Weakness Type

                    Published: May 4, 2026                      ·  Modified: May 11, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

Memory corruption when another driver calls an IOCTL with invalid input/output buffer.

🤖 AI Executive Summary

CVE-2025-47408 is a memory corruption vulnerability triggered when a driver receives an IOCTL call with invalid input/output buffers, potentially allowing privilege escalation or system crash. The vulnerability affects driver-to-driver communication and requires local access to exploit.

📄 Description (Arabic)

هذا الثغرة تتعلق بتلف الذاكرة الذي يحدث عندما يستدعي مشغل جهاز آخر IOCTL برسائل إدخال/إخراج غير صحيحة. قد يؤدي هذا إلى تصعيد الامتيازات أو انهيار النظام أو تنفيذ كود عشوائي. تتطلب الاستفادة من هذه الثغرة وصولاً محلياً وقدرة على التفاعل مع مشغلات الأجهزة.

🤖 ملخص تنفيذي (AI)

This vulnerability involves memory corruption in driver IOCTL handling when invalid buffers are passed, potentially leading to system instability or unauthorized privilege elevation. Local attackers with driver interaction capabilities could exploit this flaw.

🤖 AI Intelligence Analysis Analyzed: May 8, 2026 03:32

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government energy banking telecom healthcare

🎯 MITRE ATT&CK Techniques

T1547.008 T1547.010 T1068

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Apply vendor security patches immediately. Implement strict input validation for all IOCTL calls. Deploy driver signature enforcement and code integrity checks. Monitor system logs for suspicious driver interactions. Restrict driver loading to trusted sources only.

🔧 خطوات المعالجة (العربية)

تطبيق تصحيحات الأمان من المورد فوراً. تنفيذ التحقق الصارم من صحة المدخلات لجميع استدعاءات IOCTL. نشر فرض توقيع مشغل الجهاز والتحقق من سلامة الكود. مراقبة سجلات النظام للتفاعلات المريبة مع مشغلات الأجهزة. تقييد تحميل مشغلات الأجهزة من مصادر موثوقة فقط.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

3.1.1 3.2.1 3.3.1

🔵 SAMA CSF

ID.AM-2 PR.DS-1 PR.PT-1

🟡 ISO 27001:2022

A.12.2.1 A.12.6.1 A.14.2.1

🔗 References & Sources 1

🔗

https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html

product-security@qualcomm.com

Vendor Advisory

📦 Affected Products / CPE 20 entries

qualcomm:fastconnect_6200_firmware:-

qualcomm:fastconnect_6900_firmware:-

qualcomm:fastconnect_7800_firmware:-

qualcomm:iqx5121_firmware:-

qualcomm:iqx7181_firmware:-

qualcomm:qca0000_firmware:-

qualcomm:sc8380xp_firmware:-

qualcomm:sd865_5g_firmware:-

qualcomm:sm6250_firmware:-

qualcomm:snapdragon_7c_compute_firmware:-

qualcomm:snapdragon_7c_gen_2_compute_firmware:-

qualcomm:snapdragon_xr2_5g_firmware:-

qualcomm:snapdragon_xr2\+_gen_1_firmware:-

qualcomm:wcd9380_firmware:-

qualcomm:wcd9385_firmware:-

qualcomm:wsa8810_firmware:-

qualcomm:wsa8815_firmware:-

qualcomm:wsa8840_firmware:-

qualcomm:wsa8845_firmware:-

qualcomm:wsa8845h_firmware:-

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-822

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-05-04

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-822

🏢 Vendor Advisories

🔗 https://docs.qualcomm.com/product/publicresources/se...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2025-47408

💬 Comments

Introduce Yourself

Sign In Required