Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0231
Vulnerability from certfr_avis - Published: 2026-03-03 - Updated: 2026-03-03
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Google indique que la vulnérabilité CVE-2026-21385 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Android versions ant\u00e9rieures \u00e0 14, 15, 16, 16-qpr2 sans les correctifs de mars 2026",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-61612",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61612"
},
{
"name": "CVE-2026-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0005"
},
{
"name": "CVE-2026-20403",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20403"
},
{
"name": "CVE-2025-58409",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58409"
},
{
"name": "CVE-2025-48644",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48644"
},
{
"name": "CVE-2025-48544",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48544"
},
{
"name": "CVE-2026-20425",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20425"
},
{
"name": "CVE-2025-47398",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47398"
},
{
"name": "CVE-2026-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0015"
},
{
"name": "CVE-2026-20422",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20422"
},
{
"name": "CVE-2025-64783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64783"
},
{
"name": "CVE-2026-0026",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0026"
},
{
"name": "CVE-2026-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0014"
},
{
"name": "CVE-2026-20406",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20406"
},
{
"name": "CVE-2025-48577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48577"
},
{
"name": "CVE-2024-43766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43766"
},
{
"name": "CVE-2025-58407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58407"
},
{
"name": "CVE-2026-21735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21735"
},
{
"name": "CVE-2026-0013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0013"
},
{
"name": "CVE-2025-47388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47388"
},
{
"name": "CVE-2025-61616",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61616"
},
{
"name": "CVE-2025-58411",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58411"
},
{
"name": "CVE-2025-47339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47339"
},
{
"name": "CVE-2025-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2879"
},
{
"name": "CVE-2026-20426",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20426"
},
{
"name": "CVE-2026-0030",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0030"
},
{
"name": "CVE-2025-48578",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48578"
},
{
"name": "CVE-2026-20428",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20428"
},
{
"name": "CVE-2025-48568",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48568"
},
{
"name": "CVE-2025-48641",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48641"
},
{
"name": "CVE-2025-47366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47366"
},
{
"name": "CVE-2025-48650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48650"
},
{
"name": "CVE-2026-0011",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0011"
},
{
"name": "CVE-2026-20420",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20420"
},
{
"name": "CVE-2026-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0023"
},
{
"name": "CVE-2026-20401",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20401"
},
{
"name": "CVE-2026-0017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0017"
},
{
"name": "CVE-2025-58408",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58408"
},
{
"name": "CVE-2025-47397",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47397"
},
{
"name": "CVE-2025-13952",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13952"
},
{
"name": "CVE-2026-0031",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0031"
},
{
"name": "CVE-2025-47395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47395"
},
{
"name": "CVE-2026-20404",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20404"
},
{
"name": "CVE-2026-0020",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0020"
},
{
"name": "CVE-2025-48630",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48630"
},
{
"name": "CVE-2025-48585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48585"
},
{
"name": "CVE-2025-48635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48635"
},
{
"name": "CVE-2025-48567",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48567"
},
{
"name": "CVE-2025-48574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48574"
},
{
"name": "CVE-2026-0035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0035"
},
{
"name": "CVE-2026-0024",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0024"
},
{
"name": "CVE-2025-64893",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64893"
},
{
"name": "CVE-2025-48634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48634"
},
{
"name": "CVE-2025-47396",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47396"
},
{
"name": "CVE-2025-48653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48653"
},
{
"name": "CVE-2026-0032",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0032"
},
{
"name": "CVE-2026-20427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20427"
},
{
"name": "CVE-2025-38616",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38616"
},
{
"name": "CVE-2025-69279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69279"
},
{
"name": "CVE-2026-20434",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20434"
},
{
"name": "CVE-2025-48642",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48642"
},
{
"name": "CVE-2026-0025",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0025"
},
{
"name": "CVE-2025-20761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20761"
},
{
"name": "CVE-2025-10865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10865"
},
{
"name": "CVE-2025-48587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48587"
},
{
"name": "CVE-2026-0038",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0038"
},
{
"name": "CVE-2025-48619",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48619"
},
{
"name": "CVE-2025-47378",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47378"
},
{
"name": "CVE-2025-48613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48613"
},
{
"name": "CVE-2025-47402",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47402"
},
{
"name": "CVE-2025-47346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47346"
},
{
"name": "CVE-2026-0006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0006"
},
{
"name": "CVE-2025-40266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40266"
},
{
"name": "CVE-2025-69278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69278"
},
{
"name": "CVE-2026-20421",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20421"
},
{
"name": "CVE-2025-48646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48646"
},
{
"name": "CVE-2025-48609",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48609"
},
{
"name": "CVE-2025-47394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47394"
},
{
"name": "CVE-2025-48631",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48631"
},
{
"name": "CVE-2026-0010",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0010"
},
{
"name": "CVE-2025-61614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61614"
},
{
"name": "CVE-2025-32313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32313"
},
{
"name": "CVE-2026-20402",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20402"
},
{
"name": "CVE-2026-21385",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21385"
},
{
"name": "CVE-2025-47385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47385"
},
{
"name": "CVE-2026-0007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0007"
},
{
"name": "CVE-2025-20794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20794"
},
{
"name": "CVE-2026-0034",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0034"
},
{
"name": "CVE-2026-0012",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0012"
},
{
"name": "CVE-2026-0008",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0008"
},
{
"name": "CVE-2026-0047",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0047"
},
{
"name": "CVE-2024-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43859"
},
{
"name": "CVE-2025-48602",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48602"
},
{
"name": "CVE-2025-61615",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61615"
},
{
"name": "CVE-2026-0028",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0028"
},
{
"name": "CVE-2025-48654",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48654"
},
{
"name": "CVE-2025-48605",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48605"
},
{
"name": "CVE-2025-47348",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47348"
},
{
"name": "CVE-2025-20795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20795"
},
{
"name": "CVE-2025-59600",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59600"
},
{
"name": "CVE-2025-20760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20760"
},
{
"name": "CVE-2025-64784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64784"
},
{
"name": "CVE-2025-61613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61613"
},
{
"name": "CVE-2025-20762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20762"
},
{
"name": "CVE-2025-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38618"
},
{
"name": "CVE-2025-20793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20793"
},
{
"name": "CVE-2025-48582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48582"
},
{
"name": "CVE-2026-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0027"
},
{
"name": "CVE-2025-39946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39946"
},
{
"name": "CVE-2026-0021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0021"
},
{
"name": "CVE-2025-39682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39682"
},
{
"name": "CVE-2026-0037",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0037"
},
{
"name": "CVE-2025-48645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48645"
},
{
"name": "CVE-2025-48579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48579"
},
{
"name": "CVE-2026-20405",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20405"
},
{
"name": "CVE-2026-0029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0029"
}
],
"initial_release_date": "2026-03-03T00:00:00",
"last_revision_date": "2026-03-03T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0231",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nGoogle indique que la vuln\u00e9rabilit\u00e9 CVE-2026-21385 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 Google Android",
"url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01?hl=fr"
}
]
}
CVE-2025-2879 (GCVE-0-2025-2879)
Vulnerability from cvelistv5 – Published: 2025-12-01 10:32 – Updated: 2025-12-01 18:15
VLAI
EPSS
Title
Mali GPU Kernel Driver allows improper GPU processing operations
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to expose sensitive data.This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p4, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Arm Ltd | Valhall GPU Kernel Driver |
Affected:
r29p0 , ≤ r49p4
(patch)
Affected: r50p0 , ≤ r54p0 (patch) |
|
| Arm Ltd | Arm 5th Gen GPU Architecture Kernel Driver |
Affected:
r41p0 , ≤ r49p4
(patch)
Affected: r50p0 , ≤ r54p0 (patch) |
Date Public
2025-12-01 10:00
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-2879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T18:14:27.102606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T18:15:49.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Valhall GPU Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"changes": [
{
"at": "r49p5",
"status": "unaffected"
}
],
"lessThanOrEqual": "r49p4",
"status": "affected",
"version": "r29p0",
"versionType": "patch"
},
{
"changes": [
{
"at": "r54p1",
"status": "unaffected"
},
{
"at": "r55p0",
"status": "unaffected"
}
],
"lessThanOrEqual": "r54p0",
"status": "affected",
"version": "r50p0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Arm 5th Gen GPU Architecture Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"changes": [
{
"at": "r49p5",
"status": "unaffected"
}
],
"lessThanOrEqual": "r49p4",
"status": "affected",
"version": "r41p0",
"versionType": "patch"
},
{
"changes": [
{
"at": "r54p1",
"status": "unaffected"
},
{
"at": "r55p0",
"status": "unaffected"
}
],
"lessThanOrEqual": "r54p0",
"status": "affected",
"version": "r50p0",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-12-01T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to expose sensitive data.\u003cp\u003eThis issue affects Valhall GPU Kernel Driver: from r29p0 through r49p4, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0.\u003c/p\u003e"
}
],
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to expose sensitive data.This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p4, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T10:32:19.477Z",
"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"shortName": "Arm"
},
"references": [
{
"url": "https://developer.arm.com/documentation/110697/latest/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue has been fixed in the following versions: Valhall GPU Kernel Driver r49p5, r54p1, r55p0; Arm 5th Gen GPU Architecture Kernel Driver r49p5, r54p1, r55p0. Arm partners are recommended to upgrade to use the latest applicable version as soon as possible.\u003cbr\u003e"
}
],
"value": "This issue has been fixed in the following versions: Valhall GPU Kernel Driver r49p5, r54p1, r55p0; Arm 5th Gen GPU Architecture Kernel Driver r49p5, r54p1, r55p0. Arm partners are recommended to upgrade to use the latest applicable version as soon as possible."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Mali GPU Kernel Driver allows improper GPU processing operations",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"assignerShortName": "Arm",
"cveId": "CVE-2025-2879",
"datePublished": "2025-12-01T10:32:19.477Z",
"dateReserved": "2025-03-27T18:06:06.545Z",
"dateUpdated": "2025-12-01T18:15:49.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32313 (GCVE-0-2025-32313)
Vulnerability from cvelistv5 – Published: 2026-03-02 18:41 – Updated: 2026-03-06 03:12
VLAI
EPSS
Summary
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
8.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://source.android.com/docs/security/bulletin… | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-32313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T04:56:25.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T03:12:26.592Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cvelib 1.7.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2025-32313",
"datePublished": "2026-03-02T18:41:57.788Z",
"dateReserved": "2025-04-04T23:30:03.210Z",
"dateUpdated": "2026-03-06T03:12:26.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-38616 (GCVE-0-2025-38616)
Vulnerability from cvelistv5 – Published: 2025-08-22 13:01 – Updated: 2026-06-11 18:44
VLAI
EPSS
Title
tls: handle data disappearing from under the TLS ULP
Summary
In the Linux kernel, the following vulnerability has been resolved:
tls: handle data disappearing from under the TLS ULP
TLS expects that it owns the receive queue of the TCP socket.
This cannot be guaranteed in case the reader of the TCP socket
entered before the TLS ULP was installed, or uses some non-standard
read API (eg. zerocopy ones). Replace the WARN_ON() and a buggy
early exit (which leaves anchor pointing to a freed skb) with real
error handling. Wipe the parsing state and tell the reader to retry.
We already reload the anchor every time we (re)acquire the socket lock,
so the only condition we need to avoid is an out of bounds read
(not having enough bytes in the socket for previously parsed record len).
If some data was read from under TLS but there's enough in the queue
we'll reload and decrypt what is most likely not a valid TLS record.
Leading to some undefined behavior from TLS perspective (corrupting
a stream? missing an alert? missing an attack?) but no kernel crash
should take place.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < f1fe99919f629f980d0b8a7ff16950bffe06a859
(git)
Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < eb0336f213fe88bbdb7d2b19c9c9ec19245a3155 (git) Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < db3658a12d5ec4db7185ae7476151a50521b7207 (git) Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < 2fb97ed9e2672b4f6e24ce206ac1a875ce4bcb38 (git) Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < 6db015fc4b5d5f63a64a193f65d98da3a7fc811d (git) |
|
| Linux | Linux |
Affected:
6.0
Unaffected: 0 , < 6.0 (semver) Unaffected: 6.6.103 , ≤ 6.6.* (semver) Unaffected: 6.12.43 , ≤ 6.12.* (semver) Unaffected: 6.15.11 , ≤ 6.15.* (semver) Unaffected: 6.16.2 , ≤ 6.16.* (semver) Unaffected: 6.17 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-38616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T20:40:59.907591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T18:44:07.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tls/tls.h",
"net/tls/tls_strp.c",
"net/tls/tls_sw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f1fe99919f629f980d0b8a7ff16950bffe06a859",
"status": "affected",
"version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
"versionType": "git"
},
{
"lessThan": "eb0336f213fe88bbdb7d2b19c9c9ec19245a3155",
"status": "affected",
"version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
"versionType": "git"
},
{
"lessThan": "db3658a12d5ec4db7185ae7476151a50521b7207",
"status": "affected",
"version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
"versionType": "git"
},
{
"lessThan": "2fb97ed9e2672b4f6e24ce206ac1a875ce4bcb38",
"status": "affected",
"version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
"versionType": "git"
},
{
"lessThan": "6db015fc4b5d5f63a64a193f65d98da3a7fc811d",
"status": "affected",
"version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tls/tls.h",
"net/tls/tls_strp.c",
"net/tls/tls_sw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.43",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.15.*",
"status": "unaffected",
"version": "6.15.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.103",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.43",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15.11",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.2",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: handle data disappearing from under the TLS ULP\n\nTLS expects that it owns the receive queue of the TCP socket.\nThis cannot be guaranteed in case the reader of the TCP socket\nentered before the TLS ULP was installed, or uses some non-standard\nread API (eg. zerocopy ones). Replace the WARN_ON() and a buggy\nearly exit (which leaves anchor pointing to a freed skb) with real\nerror handling. Wipe the parsing state and tell the reader to retry.\n\nWe already reload the anchor every time we (re)acquire the socket lock,\nso the only condition we need to avoid is an out of bounds read\n(not having enough bytes in the socket for previously parsed record len).\n\nIf some data was read from under TLS but there\u0027s enough in the queue\nwe\u0027ll reload and decrypt what is most likely not a valid TLS record.\nLeading to some undefined behavior from TLS perspective (corrupting\na stream? missing an alert? missing an attack?) but no kernel crash\nshould take place."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:31:40.013Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f1fe99919f629f980d0b8a7ff16950bffe06a859"
},
{
"url": "https://git.kernel.org/stable/c/eb0336f213fe88bbdb7d2b19c9c9ec19245a3155"
},
{
"url": "https://git.kernel.org/stable/c/db3658a12d5ec4db7185ae7476151a50521b7207"
},
{
"url": "https://git.kernel.org/stable/c/2fb97ed9e2672b4f6e24ce206ac1a875ce4bcb38"
},
{
"url": "https://git.kernel.org/stable/c/6db015fc4b5d5f63a64a193f65d98da3a7fc811d"
}
],
"title": "tls: handle data disappearing from under the TLS ULP",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38616",
"datePublished": "2025-08-22T13:01:23.217Z",
"dateReserved": "2025-04-16T04:51:24.029Z",
"dateUpdated": "2026-06-11T18:44:07.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-38618 (GCVE-0-2025-38618)
Vulnerability from cvelistv5 – Published: 2025-08-22 13:01 – Updated: 2026-06-11 18:44
VLAI
EPSS
Title
vsock: Do not allow binding to VMADDR_PORT_ANY
Summary
In the Linux kernel, the following vulnerability has been resolved:
vsock: Do not allow binding to VMADDR_PORT_ANY
It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can
cause a use-after-free when a connection is made to the bound socket.
The socket returned by accept() also has port VMADDR_PORT_ANY but is not
on the list of unbound sockets. Binding it will result in an extra
refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep
the binding until socket destruction).
Modify the check in __vsock_bind_connectible() to also prevent binding
to VMADDR_PORT_ANY.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
d021c344051af91f42c5ba9fdedc176740cbd238 , < c04a2c1ca25b9b23104124d3b2d349d934e302de
(git)
Affected: d021c344051af91f42c5ba9fdedc176740cbd238 , < d1a5b1964cef42727668ac0d8532dae4f8c19386 (git) Affected: d021c344051af91f42c5ba9fdedc176740cbd238 , < cf86704798c1b9c46fa59dfc2d662f57d1394d79 (git) Affected: d021c344051af91f42c5ba9fdedc176740cbd238 , < f138be5d7f301fddad4e65ec66dfc3ceebf79be3 (git) Affected: d021c344051af91f42c5ba9fdedc176740cbd238 , < 44bd006d5c93f6a8f28b106cbae2428c5d0275b7 (git) Affected: d021c344051af91f42c5ba9fdedc176740cbd238 , < 32950b1907919be86a7a2697d6f93d57068b3865 (git) Affected: d021c344051af91f42c5ba9fdedc176740cbd238 , < 8f01093646b49f6330bb2d36761983fd829472b1 (git) Affected: d021c344051af91f42c5ba9fdedc176740cbd238 , < d73960f0cf03ef1dc9e96ec7a20e538accc26d87 (git) Affected: d021c344051af91f42c5ba9fdedc176740cbd238 , < aba0c94f61ec05315fa7815d21aefa4c87f6a9f4 (git) |
|
| Linux | Linux |
Affected:
3.9
Unaffected: 0 , < 3.9 (semver) Unaffected: 5.4.297 , ≤ 5.4.* (semver) Unaffected: 5.10.241 , ≤ 5.10.* (semver) Unaffected: 5.15.190 , ≤ 5.15.* (semver) Unaffected: 6.1.148 , ≤ 6.1.* (semver) Unaffected: 6.6.102 , ≤ 6.6.* (semver) Unaffected: 6.12.42 , ≤ 6.12.* (semver) Unaffected: 6.15.10 , ≤ 6.15.* (semver) Unaffected: 6.16.1 , ≤ 6.16.* (semver) Unaffected: 6.17 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:40:30.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-38618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T20:42:30.337631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T18:44:23.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/vmw_vsock/af_vsock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c04a2c1ca25b9b23104124d3b2d349d934e302de",
"status": "affected",
"version": "d021c344051af91f42c5ba9fdedc176740cbd238",
"versionType": "git"
},
{
"lessThan": "d1a5b1964cef42727668ac0d8532dae4f8c19386",
"status": "affected",
"version": "d021c344051af91f42c5ba9fdedc176740cbd238",
"versionType": "git"
},
{
"lessThan": "cf86704798c1b9c46fa59dfc2d662f57d1394d79",
"status": "affected",
"version": "d021c344051af91f42c5ba9fdedc176740cbd238",
"versionType": "git"
},
{
"lessThan": "f138be5d7f301fddad4e65ec66dfc3ceebf79be3",
"status": "affected",
"version": "d021c344051af91f42c5ba9fdedc176740cbd238",
"versionType": "git"
},
{
"lessThan": "44bd006d5c93f6a8f28b106cbae2428c5d0275b7",
"status": "affected",
"version": "d021c344051af91f42c5ba9fdedc176740cbd238",
"versionType": "git"
},
{
"lessThan": "32950b1907919be86a7a2697d6f93d57068b3865",
"status": "affected",
"version": "d021c344051af91f42c5ba9fdedc176740cbd238",
"versionType": "git"
},
{
"lessThan": "8f01093646b49f6330bb2d36761983fd829472b1",
"status": "affected",
"version": "d021c344051af91f42c5ba9fdedc176740cbd238",
"versionType": "git"
},
{
"lessThan": "d73960f0cf03ef1dc9e96ec7a20e538accc26d87",
"status": "affected",
"version": "d021c344051af91f42c5ba9fdedc176740cbd238",
"versionType": "git"
},
{
"lessThan": "aba0c94f61ec05315fa7815d21aefa4c87f6a9f4",
"status": "affected",
"version": "d021c344051af91f42c5ba9fdedc176740cbd238",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/vmw_vsock/af_vsock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.297",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.241",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.190",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.102",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.15.*",
"status": "unaffected",
"version": "6.15.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.297",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.241",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.190",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.148",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.102",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.42",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15.10",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.1",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:31:42.326Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c04a2c1ca25b9b23104124d3b2d349d934e302de"
},
{
"url": "https://git.kernel.org/stable/c/d1a5b1964cef42727668ac0d8532dae4f8c19386"
},
{
"url": "https://git.kernel.org/stable/c/cf86704798c1b9c46fa59dfc2d662f57d1394d79"
},
{
"url": "https://git.kernel.org/stable/c/f138be5d7f301fddad4e65ec66dfc3ceebf79be3"
},
{
"url": "https://git.kernel.org/stable/c/44bd006d5c93f6a8f28b106cbae2428c5d0275b7"
},
{
"url": "https://git.kernel.org/stable/c/32950b1907919be86a7a2697d6f93d57068b3865"
},
{
"url": "https://git.kernel.org/stable/c/8f01093646b49f6330bb2d36761983fd829472b1"
},
{
"url": "https://git.kernel.org/stable/c/d73960f0cf03ef1dc9e96ec7a20e538accc26d87"
},
{
"url": "https://git.kernel.org/stable/c/aba0c94f61ec05315fa7815d21aefa4c87f6a9f4"
}
],
"title": "vsock: Do not allow binding to VMADDR_PORT_ANY",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38618",
"datePublished": "2025-08-22T13:01:24.678Z",
"dateReserved": "2025-04-16T04:51:24.029Z",
"dateUpdated": "2026-06-11T18:44:23.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39682 (GCVE-0-2025-39682)
Vulnerability from cvelistv5 – Published: 2025-09-05 17:20 – Updated: 2026-06-11 18:44
VLAI
EPSS
Title
tls: fix handling of zero-length records on the rx_list
Summary
In the Linux kernel, the following vulnerability has been resolved:
tls: fix handling of zero-length records on the rx_list
Each recvmsg() call must process either
- only contiguous DATA records (any number of them)
- one non-DATA record
If the next record has different type than what has already been
processed we break out of the main processing loop. If the record
has already been decrypted (which may be the case for TLS 1.3 where
we don't know type until decryption) we queue the pending record
to the rx_list. Next recvmsg() will pick it up from there.
Queuing the skb to rx_list after zero-copy decrypt is not possible,
since in that case we decrypted directly to the user space buffer,
and we don't have an skb to queue (darg.skb points to the ciphertext
skb for access to metadata like length).
Only data records are allowed zero-copy, and we break the processing
loop after each non-data record. So we should never zero-copy and
then find out that the record type has changed. The corner case
we missed is when the initial record comes from rx_list, and it's
zero length.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < 2902c3ebcca52ca845c03182000e8d71d3a5196f
(git)
Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < c09dd3773b5950e9cfb6c9b9a5f6e36d06c62677 (git) Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < 3439c15ae91a517cf3c650ea15a8987699416ad9 (git) Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < 29c0ce3c8cdb6dc5d61139c937f34cb888a6f42e (git) Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < 62708b9452f8eb77513115b17c4f8d1a22ebf843 (git) |
|
| Linux | Linux |
Affected:
6.0
Unaffected: 0 , < 6.0 (semver) Unaffected: 6.1.149 , ≤ 6.1.* (semver) Unaffected: 6.6.103 , ≤ 6.6.* (semver) Unaffected: 6.12.44 , ≤ 6.12.* (semver) Unaffected: 6.16.4 , ≤ 6.16.* (semver) Unaffected: 6.17 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC CN 4100 |
Affected:
0 , < V5.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:42:13.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:06:08.852Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39682",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T20:42:07.158655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T18:44:19.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tls/tls_sw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2902c3ebcca52ca845c03182000e8d71d3a5196f",
"status": "affected",
"version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
"versionType": "git"
},
{
"lessThan": "c09dd3773b5950e9cfb6c9b9a5f6e36d06c62677",
"status": "affected",
"version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
"versionType": "git"
},
{
"lessThan": "3439c15ae91a517cf3c650ea15a8987699416ad9",
"status": "affected",
"version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
"versionType": "git"
},
{
"lessThan": "29c0ce3c8cdb6dc5d61139c937f34cb888a6f42e",
"status": "affected",
"version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
"versionType": "git"
},
{
"lessThan": "62708b9452f8eb77513115b17c4f8d1a22ebf843",
"status": "affected",
"version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tls/tls_sw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.149",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.103",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.44",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.4",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix handling of zero-length records on the rx_list\n\nEach recvmsg() call must process either\n - only contiguous DATA records (any number of them)\n - one non-DATA record\n\nIf the next record has different type than what has already been\nprocessed we break out of the main processing loop. If the record\nhas already been decrypted (which may be the case for TLS 1.3 where\nwe don\u0027t know type until decryption) we queue the pending record\nto the rx_list. Next recvmsg() will pick it up from there.\n\nQueuing the skb to rx_list after zero-copy decrypt is not possible,\nsince in that case we decrypted directly to the user space buffer,\nand we don\u0027t have an skb to queue (darg.skb points to the ciphertext\nskb for access to metadata like length).\n\nOnly data records are allowed zero-copy, and we break the processing\nloop after each non-data record. So we should never zero-copy and\nthen find out that the record type has changed. The corner case\nwe missed is when the initial record comes from rx_list, and it\u0027s\nzero length."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:34:12.968Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2902c3ebcca52ca845c03182000e8d71d3a5196f"
},
{
"url": "https://git.kernel.org/stable/c/c09dd3773b5950e9cfb6c9b9a5f6e36d06c62677"
},
{
"url": "https://git.kernel.org/stable/c/3439c15ae91a517cf3c650ea15a8987699416ad9"
},
{
"url": "https://git.kernel.org/stable/c/29c0ce3c8cdb6dc5d61139c937f34cb888a6f42e"
},
{
"url": "https://git.kernel.org/stable/c/62708b9452f8eb77513115b17c4f8d1a22ebf843"
}
],
"title": "tls: fix handling of zero-length records on the rx_list",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-39682",
"datePublished": "2025-09-05T17:20:48.657Z",
"dateReserved": "2025-04-16T07:20:57.113Z",
"dateUpdated": "2026-06-11T18:44:19.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39946 (GCVE-0-2025-39946)
Vulnerability from cvelistv5 – Published: 2025-10-04 07:31 – Updated: 2026-06-16 16:11
VLAI
EPSS
Title
tls: make sure to abort the stream if headers are bogus
Summary
In the Linux kernel, the following vulnerability has been resolved:
tls: make sure to abort the stream if headers are bogus
Normally we wait for the socket to buffer up the whole record
before we service it. If the socket has a tiny buffer, however,
we read out the data sooner, to prevent connection stalls.
Make sure that we abort the connection when we find out late
that the record is actually invalid. Retrying the parsing is
fine in itself but since we copy some more data each time
before we parse we can overflow the allocated skb space.
Constructing a scenario in which we're under pressure without
enough data in the socket to parse the length upfront is quite
hard. syzbot figured out a way to do this by serving us the header
in small OOB sends, and then filling in the recvbuf with a large
normal send.
Make sure that tls_rx_msg_size() aborts strp, if we reach
an invalid record there's really no way to recover.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < b36462146d86b1f22e594fe4dae611dffacfb203
(git)
Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < 4cefe5be73886f383639fe0850bb72d5b568a7b9 (git) Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < 208640e6225cc929a05adbf79d1df558add3e231 (git) Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < 61ca2da5fb8f433ce8bbd1657c84a86272133e6b (git) Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < 0aeb54ac4cd5cf8f60131b4d9ec0b6dc9c27b20d (git) |
|
| Linux | Linux |
Affected:
6.0
Unaffected: 0 , < 6.0 (semver) Unaffected: 6.1.154 , ≤ 6.1.* (semver) Unaffected: 6.6.108 , ≤ 6.6.* (semver) Unaffected: 6.12.49 , ≤ 6.12.* (semver) Unaffected: 6.16.9 , ≤ 6.16.* (semver) Unaffected: 6.17 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T16:09:56.692660Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T16:11:14.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tls/tls.h",
"net/tls/tls_strp.c",
"net/tls/tls_sw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b36462146d86b1f22e594fe4dae611dffacfb203",
"status": "affected",
"version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
"versionType": "git"
},
{
"lessThan": "4cefe5be73886f383639fe0850bb72d5b568a7b9",
"status": "affected",
"version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
"versionType": "git"
},
{
"lessThan": "208640e6225cc929a05adbf79d1df558add3e231",
"status": "affected",
"version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
"versionType": "git"
},
{
"lessThan": "61ca2da5fb8f433ce8bbd1657c84a86272133e6b",
"status": "affected",
"version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
"versionType": "git"
},
{
"lessThan": "0aeb54ac4cd5cf8f60131b4d9ec0b6dc9c27b20d",
"status": "affected",
"version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tls/tls.h",
"net/tls/tls_strp.c",
"net/tls/tls_sw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.108",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.154",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.108",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.49",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.9",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: make sure to abort the stream if headers are bogus\n\nNormally we wait for the socket to buffer up the whole record\nbefore we service it. If the socket has a tiny buffer, however,\nwe read out the data sooner, to prevent connection stalls.\nMake sure that we abort the connection when we find out late\nthat the record is actually invalid. Retrying the parsing is\nfine in itself but since we copy some more data each time\nbefore we parse we can overflow the allocated skb space.\n\nConstructing a scenario in which we\u0027re under pressure without\nenough data in the socket to parse the length upfront is quite\nhard. syzbot figured out a way to do this by serving us the header\nin small OOB sends, and then filling in the recvbuf with a large\nnormal send.\n\nMake sure that tls_rx_msg_size() aborts strp, if we reach\nan invalid record there\u0027s really no way to recover."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:39:28.960Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b36462146d86b1f22e594fe4dae611dffacfb203"
},
{
"url": "https://git.kernel.org/stable/c/4cefe5be73886f383639fe0850bb72d5b568a7b9"
},
{
"url": "https://git.kernel.org/stable/c/208640e6225cc929a05adbf79d1df558add3e231"
},
{
"url": "https://git.kernel.org/stable/c/61ca2da5fb8f433ce8bbd1657c84a86272133e6b"
},
{
"url": "https://git.kernel.org/stable/c/0aeb54ac4cd5cf8f60131b4d9ec0b6dc9c27b20d"
}
],
"title": "tls: make sure to abort the stream if headers are bogus",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-39946",
"datePublished": "2025-10-04T07:31:07.871Z",
"dateReserved": "2025-04-16T07:20:57.148Z",
"dateUpdated": "2026-06-16T16:11:14.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40266 (GCVE-0-2025-40266)
Vulnerability from cvelistv5 – Published: 2025-12-04 16:08 – Updated: 2026-06-16 19:59
VLAI
EPSS
Title
KVM: arm64: Check the untrusted offset in FF-A memory share
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Check the untrusted offset in FF-A memory share
Verify the offset to prevent OOB access in the hypervisor
FF-A buffer in case an untrusted large enough value
[U32_MAX - sizeof(struct ffa_composite_mem_region) + 1, U32_MAX]
is set from the host kernel.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
6211753fdfd05af9e08f54c8d0ba3ee516034878 , < fc3139d9f4c1fe1c7d5f25f99676bd8e9c6a1041
(git)
Affected: 6211753fdfd05af9e08f54c8d0ba3ee516034878 , < bc1909ef38788f2ee3d8011d70bf029948433051 (git) Affected: 6211753fdfd05af9e08f54c8d0ba3ee516034878 , < f9f1aed6c8a3427900da3121e1868124854569c3 (git) Affected: 6211753fdfd05af9e08f54c8d0ba3ee516034878 , < 103e17aac09cdd358133f9e00998b75d6c1f1518 (git) |
|
| Linux | Linux |
Affected:
3.11
Unaffected: 0 , < 3.11 (semver) Unaffected: 6.6.118 , ≤ 6.6.* (semver) Unaffected: 6.12.60 , ≤ 6.12.* (semver) Unaffected: 6.17.10 , ≤ 6.17.* (semver) Unaffected: 6.18 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T19:59:35.285244Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T19:59:44.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/kvm/hyp/nvhe/ffa.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fc3139d9f4c1fe1c7d5f25f99676bd8e9c6a1041",
"status": "affected",
"version": "6211753fdfd05af9e08f54c8d0ba3ee516034878",
"versionType": "git"
},
{
"lessThan": "bc1909ef38788f2ee3d8011d70bf029948433051",
"status": "affected",
"version": "6211753fdfd05af9e08f54c8d0ba3ee516034878",
"versionType": "git"
},
{
"lessThan": "f9f1aed6c8a3427900da3121e1868124854569c3",
"status": "affected",
"version": "6211753fdfd05af9e08f54c8d0ba3ee516034878",
"versionType": "git"
},
{
"lessThan": "103e17aac09cdd358133f9e00998b75d6c1f1518",
"status": "affected",
"version": "6211753fdfd05af9e08f54c8d0ba3ee516034878",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/kvm/hyp/nvhe/ffa.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.11"
},
{
"lessThan": "3.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.118",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.118",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.60",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.10",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18",
"versionStartIncluding": "3.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Check the untrusted offset in FF-A memory share\n\nVerify the offset to prevent OOB access in the hypervisor\nFF-A buffer in case an untrusted large enough value\n[U32_MAX - sizeof(struct ffa_composite_mem_region) + 1, U32_MAX]\nis set from the host kernel."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:46:00.988Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fc3139d9f4c1fe1c7d5f25f99676bd8e9c6a1041"
},
{
"url": "https://git.kernel.org/stable/c/bc1909ef38788f2ee3d8011d70bf029948433051"
},
{
"url": "https://git.kernel.org/stable/c/f9f1aed6c8a3427900da3121e1868124854569c3"
},
{
"url": "https://git.kernel.org/stable/c/103e17aac09cdd358133f9e00998b75d6c1f1518"
}
],
"title": "KVM: arm64: Check the untrusted offset in FF-A memory share",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-40266",
"datePublished": "2025-12-04T16:08:25.392Z",
"dateReserved": "2025-04-16T07:20:57.183Z",
"dateUpdated": "2026-06-16T19:59:44.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47339 (GCVE-0-2025-47339)
Vulnerability from cvelistv5 – Published: 2026-01-06 22:48 – Updated: 2026-01-07 16:16
VLAI
EPSS
Title
Use After Free in HLOS
Summary
Memory corruption while deinitializing a HDCP session.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
AR8035
Affected: AR9380 Affected: CSR8811 Affected: FastConnect 6200 Affected: FastConnect 6700 Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: Immersive Home 214 Platform Affected: Immersive Home 216 Platform Affected: Immersive Home 316 Platform Affected: Immersive Home 318 Platform Affected: IPQ4018 Affected: IPQ4019 Affected: IPQ4028 Affected: IPQ4029 Affected: IPQ5010 Affected: IPQ5028 Affected: IPQ6000 Affected: IPQ6010 Affected: IPQ6018 Affected: IPQ6028 Affected: IPQ8064 Affected: IPQ8065 Affected: IPQ8068 Affected: IPQ8070 Affected: IPQ8070A Affected: IPQ8071 Affected: IPQ8071A Affected: IPQ8072 Affected: IPQ8072A Affected: IPQ8074 Affected: IPQ8074A Affected: IPQ8076 Affected: IPQ8076A Affected: IPQ8078 Affected: IPQ8078A Affected: IPQ8173 Affected: IPQ8174 Affected: QAM8255P Affected: QAM8295P Affected: QAM8620P Affected: QAM8650P Affected: QAM8775P Affected: QAMSRV1H Affected: QAMSRV1M Affected: QCA4024 Affected: QCA6174A Affected: QCA6428 Affected: QCA6438 Affected: QCA6574 Affected: QCA6574A Affected: QCA6574AU Affected: QCA6584AU Affected: QCA6595 Affected: QCA6595AU Affected: QCA6678AQ Affected: QCA6688AQ Affected: QCA6696 Affected: QCA6698AQ Affected: QCA6797AQ Affected: QCA7500 Affected: QCA8075 Affected: QCA8081 Affected: QCA8337 Affected: QCA9880 Affected: QCA9886 Affected: QCA9888 Affected: QCA9889 Affected: QCA9898 Affected: QCA9980 Affected: QCA9984 Affected: QCA9985 Affected: QCA9986 Affected: QCA9990 Affected: QCA9992 Affected: QCA9994 Affected: QCC710 Affected: QCM5430 Affected: QCM6490 Affected: QCN5022 Affected: QCN5024 Affected: QCN5052 Affected: QCN5122 Affected: QCN5124 Affected: QCN5152 Affected: QCN5154 Affected: QCN5164 Affected: QCN6023 Affected: QCN6024 Affected: QCN6112 Affected: QCN6122 Affected: QCN6132 Affected: QCN6224 Affected: QCN6274 Affected: QCN9000 Affected: QCN9022 Affected: QCN9024 Affected: QCN9070 Affected: QCN9072 Affected: QCN9074 Affected: QCN9100 Affected: QCN9274 Affected: QCS5430 Affected: QCS615 Affected: QCS6490 Affected: QCS9100 Affected: QEP8111 Affected: QFW7114 Affected: QFW7124 Affected: QMP1000 Affected: Qualcommr Video Collaboration VC3 Platform Affected: SA6145P Affected: SA6150P Affected: SA6155P Affected: SA7255P Affected: SA7775P Affected: SA8145P Affected: SA8150P Affected: SA8155P Affected: SA8195P Affected: SA8255P Affected: SA8295P Affected: SA8540P Affected: SA8620P Affected: SA8650P Affected: SA8770P Affected: SA8775P Affected: SA9000P Affected: SC8380XP Affected: SDX55 Affected: SM4635 Affected: SM6475 Affected: SM6650 Affected: SM6650P Affected: SM7435 Affected: SM7635 Affected: SM7635P Affected: SM7675 Affected: SM7675P Affected: SM8635 Affected: SM8635P Affected: SM8650Q Affected: SM8735 Affected: SM8750 Affected: SM8750P Affected: Snapdragon 4 Gen 2 Mobile Platform Affected: Snapdragon 6 Gen 1 Mobile Platform Affected: Snapdragon 8 Gen 3 Mobile Platform Affected: Snapdragon AR1 Gen 1 Platform Affected: Snapdragon AR1 Gen 1 Platform "Luna1" Affected: Snapdragon Auto 5G Modem-RF Gen 2 Affected: Snapdragon X32 5G Modem-RF System Affected: Snapdragon X35 5G Modem-RF System Affected: Snapdragon X72 5G Modem-RF System Affected: Snapdragon X75 5G Modem-RF System Affected: SRV1H Affected: SRV1L Affected: SRV1M Affected: SXR2330P Affected: SXR2350P Affected: WCD9340 Affected: WCD9370 Affected: WCD9375 Affected: WCD9378 Affected: WCD9380 Affected: WCD9385 Affected: WCD9390 Affected: WCD9395 Affected: WCN3950 Affected: WCN3988 Affected: WCN6650 Affected: WCN6755 Affected: WCN7750 Affected: WCN7860 Affected: WCN7861 Affected: WCN7880 Affected: WCN7881 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T14:55:21.171555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T16:16:14.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon WBC",
"Snapdragon Wired Infrastructure and Networking"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "AR9380"
},
{
"status": "affected",
"version": "CSR8811"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "Immersive Home 214 Platform"
},
{
"status": "affected",
"version": "Immersive Home 216 Platform"
},
{
"status": "affected",
"version": "Immersive Home 316 Platform"
},
{
"status": "affected",
"version": "Immersive Home 318 Platform"
},
{
"status": "affected",
"version": "IPQ4018"
},
{
"status": "affected",
"version": "IPQ4019"
},
{
"status": "affected",
"version": "IPQ4028"
},
{
"status": "affected",
"version": "IPQ4029"
},
{
"status": "affected",
"version": "IPQ5010"
},
{
"status": "affected",
"version": "IPQ5028"
},
{
"status": "affected",
"version": "IPQ6000"
},
{
"status": "affected",
"version": "IPQ6010"
},
{
"status": "affected",
"version": "IPQ6018"
},
{
"status": "affected",
"version": "IPQ6028"
},
{
"status": "affected",
"version": "IPQ8064"
},
{
"status": "affected",
"version": "IPQ8065"
},
{
"status": "affected",
"version": "IPQ8068"
},
{
"status": "affected",
"version": "IPQ8070"
},
{
"status": "affected",
"version": "IPQ8070A"
},
{
"status": "affected",
"version": "IPQ8071"
},
{
"status": "affected",
"version": "IPQ8071A"
},
{
"status": "affected",
"version": "IPQ8072"
},
{
"status": "affected",
"version": "IPQ8072A"
},
{
"status": "affected",
"version": "IPQ8074"
},
{
"status": "affected",
"version": "IPQ8074A"
},
{
"status": "affected",
"version": "IPQ8076"
},
{
"status": "affected",
"version": "IPQ8076A"
},
{
"status": "affected",
"version": "IPQ8078"
},
{
"status": "affected",
"version": "IPQ8078A"
},
{
"status": "affected",
"version": "IPQ8173"
},
{
"status": "affected",
"version": "IPQ8174"
},
{
"status": "affected",
"version": "QAM8255P"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QAM8620P"
},
{
"status": "affected",
"version": "QAM8650P"
},
{
"status": "affected",
"version": "QAM8775P"
},
{
"status": "affected",
"version": "QAMSRV1H"
},
{
"status": "affected",
"version": "QAMSRV1M"
},
{
"status": "affected",
"version": "QCA4024"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6428"
},
{
"status": "affected",
"version": "QCA6438"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6678AQ"
},
{
"status": "affected",
"version": "QCA6688AQ"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA6797AQ"
},
{
"status": "affected",
"version": "QCA7500"
},
{
"status": "affected",
"version": "QCA8075"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCA9880"
},
{
"status": "affected",
"version": "QCA9886"
},
{
"status": "affected",
"version": "QCA9888"
},
{
"status": "affected",
"version": "QCA9889"
},
{
"status": "affected",
"version": "QCA9898"
},
{
"status": "affected",
"version": "QCA9980"
},
{
"status": "affected",
"version": "QCA9984"
},
{
"status": "affected",
"version": "QCA9985"
},
{
"status": "affected",
"version": "QCA9986"
},
{
"status": "affected",
"version": "QCA9990"
},
{
"status": "affected",
"version": "QCA9992"
},
{
"status": "affected",
"version": "QCA9994"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCN5022"
},
{
"status": "affected",
"version": "QCN5024"
},
{
"status": "affected",
"version": "QCN5052"
},
{
"status": "affected",
"version": "QCN5122"
},
{
"status": "affected",
"version": "QCN5124"
},
{
"status": "affected",
"version": "QCN5152"
},
{
"status": "affected",
"version": "QCN5154"
},
{
"status": "affected",
"version": "QCN5164"
},
{
"status": "affected",
"version": "QCN6023"
},
{
"status": "affected",
"version": "QCN6024"
},
{
"status": "affected",
"version": "QCN6112"
},
{
"status": "affected",
"version": "QCN6122"
},
{
"status": "affected",
"version": "QCN6132"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QCN9000"
},
{
"status": "affected",
"version": "QCN9022"
},
{
"status": "affected",
"version": "QCN9024"
},
{
"status": "affected",
"version": "QCN9070"
},
{
"status": "affected",
"version": "QCN9072"
},
{
"status": "affected",
"version": "QCN9074"
},
{
"status": "affected",
"version": "QCN9100"
},
{
"status": "affected",
"version": "QCN9274"
},
{
"status": "affected",
"version": "QCS5430"
},
{
"status": "affected",
"version": "QCS615"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS9100"
},
{
"status": "affected",
"version": "QEP8111"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "QMP1000"
},
{
"status": "affected",
"version": "Qualcommr Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA7255P"
},
{
"status": "affected",
"version": "SA7775P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8255P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SA8540P"
},
{
"status": "affected",
"version": "SA8620P"
},
{
"status": "affected",
"version": "SA8650P"
},
{
"status": "affected",
"version": "SA8770P"
},
{
"status": "affected",
"version": "SA8775P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SM4635"
},
{
"status": "affected",
"version": "SM6475"
},
{
"status": "affected",
"version": "SM6650"
},
{
"status": "affected",
"version": "SM6650P"
},
{
"status": "affected",
"version": "SM7435"
},
{
"status": "affected",
"version": "SM7635"
},
{
"status": "affected",
"version": "SM7635P"
},
{
"status": "affected",
"version": "SM7675"
},
{
"status": "affected",
"version": "SM7675P"
},
{
"status": "affected",
"version": "SM8635"
},
{
"status": "affected",
"version": "SM8635P"
},
{
"status": "affected",
"version": "SM8650Q"
},
{
"status": "affected",
"version": "SM8735"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 6 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF Gen 2"
},
{
"status": "affected",
"version": "Snapdragon X32 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X35 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X72 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "SRV1H"
},
{
"status": "affected",
"version": "SRV1L"
},
{
"status": "affected",
"version": "SRV1M"
},
{
"status": "affected",
"version": "SXR2330P"
},
{
"status": "affected",
"version": "SXR2350P"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN6650"
},
{
"status": "affected",
"version": "WCN6755"
},
{
"status": "affected",
"version": "WCN7750"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while deinitializing a HDCP session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T22:48:36.574Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html"
}
],
"title": "Use After Free in HLOS"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2025-47339",
"datePublished": "2026-01-06T22:48:36.574Z",
"dateReserved": "2025-05-06T08:33:16.262Z",
"dateUpdated": "2026-01-07T16:16:14.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47346 (GCVE-0-2025-47346)
Vulnerability from cvelistv5 – Published: 2026-01-06 22:48 – Updated: 2026-01-07 16:15
VLAI
EPSS
Title
Out-of-bounds Write in HLOS
Summary
Memory corruption while processing a secure logging command in the trusted application.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
AR8035
Affected: FastConnect 6200 Affected: FastConnect 6700 Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: QAM8255P Affected: QAM8295P Affected: QAM8620P Affected: QAM8650P Affected: QAM8775P Affected: QAMSRV1H Affected: QAMSRV1M Affected: QCA6174A Affected: QCA6574 Affected: QCA6574A Affected: QCA6574AU Affected: QCA6584AU Affected: QCA6595 Affected: QCA6595AU Affected: QCA6678AQ Affected: QCA6688AQ Affected: QCA6696 Affected: QCA6698AQ Affected: QCA6797AQ Affected: QCA8081 Affected: QCA8337 Affected: QCC710 Affected: QCM5430 Affected: QCM6490 Affected: QCN6224 Affected: QCN6274 Affected: QCS5430 Affected: QCS615 Affected: QCS6490 Affected: QCS9100 Affected: QEP8111 Affected: QFW7114 Affected: QFW7124 Affected: QMP1000 Affected: Qualcommr Video Collaboration VC3 Platform Affected: SA6145P Affected: SA6150P Affected: SA6155P Affected: SA7255P Affected: SA7775P Affected: SA8145P Affected: SA8150P Affected: SA8155P Affected: SA8195P Affected: SA8255P Affected: SA8295P Affected: SA8540P Affected: SA8620P Affected: SA8650P Affected: SA8770P Affected: SA8775P Affected: SA9000P Affected: SC8380XP Affected: SM4635 Affected: SM6475 Affected: SM6650 Affected: SM6650P Affected: SM7435 Affected: SM7635 Affected: SM7635P Affected: SM7675 Affected: SM7675P Affected: SM8635 Affected: SM8635P Affected: SM8650Q Affected: SM8735 Affected: SM8750 Affected: SM8750P Affected: Snapdragon 4 Gen 2 Mobile Platform Affected: Snapdragon 6 Gen 1 Mobile Platform Affected: Snapdragon 8 Gen 3 Mobile Platform Affected: Snapdragon AR1 Gen 1 Platform Affected: Snapdragon AR1 Gen 1 Platform "Luna1" Affected: Snapdragon Auto 5G Modem-RF Gen 2 Affected: Snapdragon X32 5G Modem-RF System Affected: Snapdragon X35 5G Modem-RF System Affected: Snapdragon X72 5G Modem-RF System Affected: Snapdragon X75 5G Modem-RF System Affected: SRV1H Affected: SRV1L Affected: SRV1M Affected: SXR2330P Affected: SXR2350P Affected: WCD9340 Affected: WCD9370 Affected: WCD9375 Affected: WCD9378 Affected: WCD9380 Affected: WCD9385 Affected: WCD9390 Affected: WCD9395 Affected: WCN3950 Affected: WCN3988 Affected: WCN6650 Affected: WCN6755 Affected: WCN7750 Affected: WCN7860 Affected: WCN7861 Affected: WCN7880 Affected: WCN7881 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T14:54:50.905925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T16:15:53.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon WBC"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QAM8255P"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QAM8620P"
},
{
"status": "affected",
"version": "QAM8650P"
},
{
"status": "affected",
"version": "QAM8775P"
},
{
"status": "affected",
"version": "QAMSRV1H"
},
{
"status": "affected",
"version": "QAMSRV1M"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6678AQ"
},
{
"status": "affected",
"version": "QCA6688AQ"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA6797AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QCS5430"
},
{
"status": "affected",
"version": "QCS615"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS9100"
},
{
"status": "affected",
"version": "QEP8111"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "QMP1000"
},
{
"status": "affected",
"version": "Qualcommr Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA7255P"
},
{
"status": "affected",
"version": "SA7775P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8255P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SA8540P"
},
{
"status": "affected",
"version": "SA8620P"
},
{
"status": "affected",
"version": "SA8650P"
},
{
"status": "affected",
"version": "SA8770P"
},
{
"status": "affected",
"version": "SA8775P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "SM4635"
},
{
"status": "affected",
"version": "SM6475"
},
{
"status": "affected",
"version": "SM6650"
},
{
"status": "affected",
"version": "SM6650P"
},
{
"status": "affected",
"version": "SM7435"
},
{
"status": "affected",
"version": "SM7635"
},
{
"status": "affected",
"version": "SM7635P"
},
{
"status": "affected",
"version": "SM7675"
},
{
"status": "affected",
"version": "SM7675P"
},
{
"status": "affected",
"version": "SM8635"
},
{
"status": "affected",
"version": "SM8635P"
},
{
"status": "affected",
"version": "SM8650Q"
},
{
"status": "affected",
"version": "SM8735"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 6 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF Gen 2"
},
{
"status": "affected",
"version": "Snapdragon X32 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X35 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X72 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "SRV1H"
},
{
"status": "affected",
"version": "SRV1L"
},
{
"status": "affected",
"version": "SRV1M"
},
{
"status": "affected",
"version": "SXR2330P"
},
{
"status": "affected",
"version": "SXR2350P"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN6650"
},
{
"status": "affected",
"version": "WCN6755"
},
{
"status": "affected",
"version": "WCN7750"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while processing a secure logging command in the trusted application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T22:48:40.524Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html"
}
],
"title": "Out-of-bounds Write in HLOS"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2025-47346",
"datePublished": "2026-01-06T22:48:40.524Z",
"dateReserved": "2025-05-06T08:33:16.263Z",
"dateUpdated": "2026-01-07T16:15:53.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47348 (GCVE-0-2025-47348)
Vulnerability from cvelistv5 – Published: 2026-01-06 22:48 – Updated: 2026-01-07 16:15
VLAI
EPSS
Title
Use of Uninitialized Variable in HLOS
Summary
Memory corruption while processing identity credential operations in the trusted application.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-457 - Use of Uninitialized Variable
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
AQT1000
Affected: AR8035 Affected: CSRA6620 Affected: CSRA6640 Affected: FastConnect 6200 Affected: FastConnect 6700 Affected: FastConnect 6800 Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: QAM8255P Affected: QAM8295P Affected: QAM8620P Affected: QAM8650P Affected: QAM8775P Affected: QAMSRV1H Affected: QAMSRV1M Affected: QCA6174A Affected: QCA6391 Affected: QCA6574 Affected: QCA6574A Affected: QCA6574AU Affected: QCA6584AU Affected: QCA6595 Affected: QCA6595AU Affected: QCA6678AQ Affected: QCA6688AQ Affected: QCA6696 Affected: QCA6698AQ Affected: QCA6698AU Affected: QCA6797AQ Affected: QCA8081 Affected: QCA8337 Affected: QCC710 Affected: QCM2290 Affected: QCM4490 Affected: QCM5430 Affected: QCM6125 Affected: QCM6490 Affected: QCM8550 Affected: QCN6024 Affected: QCN6224 Affected: QCN6274 Affected: QCN9011 Affected: QCN9012 Affected: QCN9024 Affected: QCS2290 Affected: QCS4490 Affected: QCS5430 Affected: QCS6125 Affected: QCS615 Affected: QCS6490 Affected: QCS8550 Affected: QCS9100 Affected: QDU1010 Affected: QDX1010 Affected: QDX1011 Affected: QEP8111 Affected: QFW7114 Affected: QFW7124 Affected: QMP1000 Affected: Qualcommr Video Collaboration VC1 Platform Affected: Qualcommr Video Collaboration VC3 Platform Affected: Robotics RB2 Platform Affected: SA4150P Affected: SA4155P Affected: SA6145P Affected: SA6150P Affected: SA6155P Affected: SA7255P Affected: SA7775P Affected: SA8145P Affected: SA8150P Affected: SA8155P Affected: SA8195P Affected: SA8255P Affected: SA8295P Affected: SA8540P Affected: SA8620P Affected: SA8650P Affected: SA8770P Affected: SA8775P Affected: SA9000P Affected: SC8380XP Affected: SD 8 Gen1 5G Affected: SD855 Affected: SD865 5G Affected: SDX61 Affected: SG4150P Affected: SG8275 Affected: SG8275P Affected: SM4635 Affected: SM6225P Affected: SM6475 Affected: SM6650 Affected: SM6650P Affected: SM7250P Affected: SM7325P Affected: SM7435 Affected: SM7550 Affected: SM7550P Affected: SM7635 Affected: SM7635P Affected: SM7675 Affected: SM7675P Affected: SM8475P Affected: SM8550P Affected: SM8635 Affected: SM8635P Affected: SM8650Q Affected: SM8735 Affected: SM8750 Affected: SM8750P Affected: Smart Audio 400 Platform Affected: Snapdragon 4 Gen 1 Mobile Platform Affected: Snapdragon 4 Gen 2 Mobile Platform Affected: Snapdragon 460 Mobile Platform Affected: Snapdragon 480 5G Mobile Platform Affected: Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Affected: Snapdragon 6 Gen 1 Mobile Platform Affected: Snapdragon 662 Mobile Platform Affected: Snapdragon 680 4G Mobile Platform Affected: Snapdragon 685 4G Mobile Platform (SM6225-AD) Affected: Snapdragon 690 5G Mobile Platform Affected: Snapdragon 695 5G Mobile Platform Affected: Snapdragon 7 Gen 1 Mobile Platform Affected: Snapdragon 7+ Gen 2 Mobile Platform Affected: Snapdragon 720G Mobile Platform Affected: Snapdragon 765 5G Mobile Platform (SM7250-AA) Affected: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Affected: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Affected: Snapdragon 778G 5G Mobile Platform Affected: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Affected: Snapdragon 782G Mobile Platform (SM7325-AF) Affected: Snapdragon 7c+ Gen 3 Compute Affected: Snapdragon 8 Gen 1 Mobile Platform Affected: Snapdragon 8 Gen 2 Mobile Platform Affected: Snapdragon 8 Gen 3 Mobile Platform Affected: Snapdragon 8+ Gen 1 Mobile Platform Affected: Snapdragon 8+ Gen 2 Mobile Platform Affected: Snapdragon 855 Mobile Platform Affected: Snapdragon 855+/860 Mobile Platform (SM8150-AC) Affected: Snapdragon 865 5G Mobile Platform Affected: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Affected: Snapdragon 870 5G Mobile Platform (SM8250-AC) Affected: Snapdragon 888 5G Mobile Platform Affected: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Affected: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) Affected: Snapdragon AR1 Gen 1 Platform Affected: Snapdragon AR1 Gen 1 Platform "Luna1" Affected: Snapdragon AR2 Gen 1 Platform Affected: Snapdragon Auto 5G Modem-RF Gen 2 Affected: Snapdragon X32 5G Modem-RF System Affected: Snapdragon X35 5G Modem-RF System Affected: Snapdragon X55 5G Modem-RF System Affected: Snapdragon X65 5G Modem-RF System Affected: Snapdragon X72 5G Modem-RF System Affected: Snapdragon X75 5G Modem-RF System Affected: Snapdragon XR1 Platform Affected: Snapdragon XR2 5G Platform Affected: Snapdragon XR2+ Gen 1 Platform Affected: SRV1H Affected: SRV1L Affected: SRV1M Affected: SSG2115P Affected: SSG2125P Affected: SXR1120 Affected: SXR1230P Affected: SXR2230P Affected: SXR2250P Affected: SXR2330P Affected: SXR2350P Affected: WCD9326 Affected: WCD9335 Affected: WCD9340 Affected: WCD9341 Affected: WCD9370 Affected: WCD9371 Affected: WCD9375 Affected: WCD9378 Affected: WCD9380 Affected: WCD9385 Affected: WCD9390 Affected: WCD9395 Affected: WCN3910 Affected: WCN3950 Affected: WCN3980 Affected: WCN3988 Affected: WCN6650 Affected: WCN6740 Affected: WCN6755 Affected: WCN7750 Affected: WCN7860 Affected: WCN7861 Affected: WCN7880 Affected: WCN7881 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T14:54:42.782966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T16:15:48.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon CCW",
"Snapdragon Compute",
"Snapdragon Connectivity",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon WBC"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "CSRA6620"
},
{
"status": "affected",
"version": "CSRA6640"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6800"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QAM8255P"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QAM8620P"
},
{
"status": "affected",
"version": "QAM8650P"
},
{
"status": "affected",
"version": "QAM8775P"
},
{
"status": "affected",
"version": "QAMSRV1H"
},
{
"status": "affected",
"version": "QAMSRV1M"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6678AQ"
},
{
"status": "affected",
"version": "QCA6688AQ"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA6698AU"
},
{
"status": "affected",
"version": "QCA6797AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCM2290"
},
{
"status": "affected",
"version": "QCM4490"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6125"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCM8550"
},
{
"status": "affected",
"version": "QCN6024"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QCN9011"
},
{
"status": "affected",
"version": "QCN9012"
},
{
"status": "affected",
"version": "QCN9024"
},
{
"status": "affected",
"version": "QCS2290"
},
{
"status": "affected",
"version": "QCS4490"
},
{
"status": "affected",
"version": "QCS5430"
},
{
"status": "affected",
"version": "QCS6125"
},
{
"status": "affected",
"version": "QCS615"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS8550"
},
{
"status": "affected",
"version": "QCS9100"
},
{
"status": "affected",
"version": "QDU1010"
},
{
"status": "affected",
"version": "QDX1010"
},
{
"status": "affected",
"version": "QDX1011"
},
{
"status": "affected",
"version": "QEP8111"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "QMP1000"
},
{
"status": "affected",
"version": "Qualcommr Video Collaboration VC1 Platform"
},
{
"status": "affected",
"version": "Qualcommr Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "Robotics RB2 Platform"
},
{
"status": "affected",
"version": "SA4150P"
},
{
"status": "affected",
"version": "SA4155P"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA7255P"
},
{
"status": "affected",
"version": "SA7775P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8255P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SA8540P"
},
{
"status": "affected",
"version": "SA8620P"
},
{
"status": "affected",
"version": "SA8650P"
},
{
"status": "affected",
"version": "SA8770P"
},
{
"status": "affected",
"version": "SA8775P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SDX61"
},
{
"status": "affected",
"version": "SG4150P"
},
{
"status": "affected",
"version": "SG8275"
},
{
"status": "affected",
"version": "SG8275P"
},
{
"status": "affected",
"version": "SM4635"
},
{
"status": "affected",
"version": "SM6225P"
},
{
"status": "affected",
"version": "SM6475"
},
{
"status": "affected",
"version": "SM6650"
},
{
"status": "affected",
"version": "SM6650P"
},
{
"status": "affected",
"version": "SM7250P"
},
{
"status": "affected",
"version": "SM7325P"
},
{
"status": "affected",
"version": "SM7435"
},
{
"status": "affected",
"version": "SM7550"
},
{
"status": "affected",
"version": "SM7550P"
},
{
"status": "affected",
"version": "SM7635"
},
{
"status": "affected",
"version": "SM7635P"
},
{
"status": "affected",
"version": "SM7675"
},
{
"status": "affected",
"version": "SM7675P"
},
{
"status": "affected",
"version": "SM8475P"
},
{
"status": "affected",
"version": "SM8550P"
},
{
"status": "affected",
"version": "SM8635"
},
{
"status": "affected",
"version": "SM8635P"
},
{
"status": "affected",
"version": "SM8650Q"
},
{
"status": "affected",
"version": "SM8735"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Smart Audio 400 Platform"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 460 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 480 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)"
},
{
"status": "affected",
"version": "Snapdragon 6 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 662 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 680 4G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 685 4G Mobile Platform (SM6225-AD)"
},
{
"status": "affected",
"version": "Snapdragon 690 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 695 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 7 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 7+ Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 720G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)"
},
{
"status": "affected",
"version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 778G 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)"
},
{
"status": "affected",
"version": "Snapdragon 782G Mobile Platform (SM7325-AF)"
},
{
"status": "affected",
"version": "Snapdragon 7c+ Gen 3 Compute"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8+ Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8+ Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 855 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 865 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 888 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
},
{
"status": "affected",
"version": "Snapdragon AR2 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF Gen 2"
},
{
"status": "affected",
"version": "Snapdragon X32 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X35 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X55 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X65 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X72 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon XR1 Platform"
},
{
"status": "affected",
"version": "Snapdragon XR2 5G Platform"
},
{
"status": "affected",
"version": "Snapdragon XR2+ Gen 1 Platform"
},
{
"status": "affected",
"version": "SRV1H"
},
{
"status": "affected",
"version": "SRV1L"
},
{
"status": "affected",
"version": "SRV1M"
},
{
"status": "affected",
"version": "SSG2115P"
},
{
"status": "affected",
"version": "SSG2125P"
},
{
"status": "affected",
"version": "SXR1120"
},
{
"status": "affected",
"version": "SXR1230P"
},
{
"status": "affected",
"version": "SXR2230P"
},
{
"status": "affected",
"version": "SXR2250P"
},
{
"status": "affected",
"version": "SXR2330P"
},
{
"status": "affected",
"version": "SXR2350P"
},
{
"status": "affected",
"version": "WCD9326"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9371"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3910"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN6650"
},
{
"status": "affected",
"version": "WCN6740"
},
{
"status": "affected",
"version": "WCN6755"
},
{
"status": "affected",
"version": "WCN7750"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while processing identity credential operations in the trusted application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457 Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T22:48:41.474Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html"
}
],
"title": "Use of Uninitialized Variable in HLOS"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2025-47348",
"datePublished": "2026-01-06T22:48:41.474Z",
"dateReserved": "2025-05-06T08:33:16.263Z",
"dateUpdated": "2026-01-07T16:15:48.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…