CVE-2025-47372

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon (affected versions not specified)

Description A flaw exists in Qualcomm Snapdragon chipsets related to insufficient input validation during buffer copying. Specifically, a corrupted ELF image with an oversized file size can be read into a buffer without proper authentication, leading to potential memory corruption. This issue impacts components such as HLOS, TZ Firmware, DSP, audio, and camera. The vulnerability compromises the boot process and poses a local privilege escalation risk. Millions of devices may be affected. The issue involves a buffer copy operation without checking the size of the input data. The vulnerability is present in the secure boot process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.