March 2026 Security Bulletin
Published: 03/02/2026
This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security issues that have been addressed in QTI’s proprietary code and (ii) links to publicly available code where security issues have been addressed.
Please reach out to [email protected] for any questions related to this bulletin.
Table of Contents
| Announcements |
| Acknowledgements |
| Proprietary Software Issues |
| Open Source Software Issues |
| Industry Coordination |
Announcements
None
Acknowledgements
We would like to thank these researchers for their contributions in reporting these issues to us.
| CVE-2025-47384 | Qiqing Huang, Hongxin Hu of UBSec |
| CVE-2026-21385 | Reported to us through Google Android Security team; please see bulletins at https://source.android.com/security/overview/acknowledgements/ for individual credit information. For issues rated medium or lower, the individual credit information may appear in a future Android major release bulletin. |
| CVE-2025-47371 | Hoang Dinh Tuan of KAIST Syssec |
| CVE-2025-47375,CVE-2025-47376,CVE-2025-47377,CVE-2025-47381,CVE-2025-47386 | conghuiwang |
| CVE-2025-47379 | heiheidada |
| CVE-2025-47383 | Hyunwoo Lee |
Proprietary Software Issues
The tables below summarize security vulnerabilities that were addressed through proprietary software
This table lists high impact security vulnerabilities. Patches are being actively shared with OEMs, who have been notified and strongly recommended to deploy those patches on released devices as soon as possible. Please contact the device manufacturer for information on the patching status of released devices.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2025-47373 | High | High | Automotive Security | Internal |
| CVE-2025-47378 | High | High | HLOS | Internal |
| CVE-2025-47384 | High | Medium | FW | 03/25/2025 |
| CVE-2025-47385 | High | High | SCE-Mink | Internal |
| CVE-2025-59603 | High | High | Computer Vision | Internal |
This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2025-47371 | Medium | Medium | Modem | 02/15/2024 |
| CVE-2025-47383 | Medium | High | Data Modem | 10/16/2024 |
CVE-2025-47373
| CVE ID | CVE-2025-47373 |
| Title | Out-of-bounds Write in Automotive |
| Description | Memory Corruption when accessing buffers with invalid length during TA invocation. |
| Technology Area | Automotive Security |
| Vulnerability Type | CWE-787: Out-of-bounds Write |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2025/09/01 |
| Affected Chipsets* | AR8035, Cologne, FastConnect 6200, FastConnect 6700, FastConnect 6900, FastConnect 7800, FWA Gen 3 Ultra Platform, G1 Gen 1, G2 Gen 1, IQ6 Series Platform, IQ8 Series Platform, IQ9 Series Platform, LeMans_AU_LGIT, LeMansAU, Milos, Monaco_IOT, Netrani, Orne, Palawan25, Pandeiro, QAM8255P, QAM8295P, QAM8620P, QAMSRV1H, QAMSRV1M, QCA0000, QCA6174A, QCA6391, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCA8695AU, QCC710, QCM4325, QCM4490, QCM5430, QCM6490, QCN6224, QCN6274, QCN9011, QCN9012, QCS4290, QCS4490, QCS8550, QDX1010, QDX1011, QEP8111, QFW7114, QFW7124, QLN1083BD, QLN1086BD, QMP1000, QPA1083BD, QPA1086BD, QRU1032, Qualcomm Dragonwing™ QRU100 Platform, Qualcomm Dragonwing™ X100 Accelerator Card, Qualcomm® Video Collaboration VC3 Platform, QXM1083, QXM1086, QXM1093, QXM1094, QXM1095, QXM1096, SA6145P, SA6150P, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155P, SA8195P, SA8255P, SA8295P, SA8540P, SA8620P, SA8770P, SA9000P, SAR1165P, SAR1250P, SAR2130P, SAR2230P, SC8380XP, SD 8 Gen1 5G, SD662, SM6225P, SM6650P, SM7435, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8475P, SM8550P, SM8635, SM8635P, SM8650Q, SM8750P, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 7 Gen 1 Mobile Platform, Snapdragon 7+ Gen 2 Mobile Platform, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Elite Gen 5, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon AR1+ Gen 1 Platform, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, SRV1H, SRV1L, SRV1M, SW6100, SW6100P, SXR2230P, SXR2250P, SXR2330P, SXR2350P, Themisto, WCD9340, WCD9370, WCD9371, WCD9375, WCD9378, WCD9378C, WCD9380, WCD9385, WCD9390, WCD9395, WCN3910, WCN3950, WCN3988, WCN6450, WCN6650, WCN6755, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, X2000077, X2000086, X2000090, X2000092, X2000094, XG101002, XG101032, XG101039 |
CVE-2025-47378
| CVE ID | CVE-2025-47378 |
| Title | Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS |
| Description | Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain. |
| Technology Area | HLOS |
| Vulnerability Type | CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.1 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| Date Reported | Internal |
| Customer Notified Date | 2025/09/01 |
| Affected Chipsets* | Cologne, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, LeMans_AU_LGIT, LeMansAU, Pandeiro, QAM8255P, QAMSRV1H, QAMSRV1M, QCA6391, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA6797AQ, QLN1083BD, QLN1086BD, QPA1083BD, QPA1086BD, QXM1083, QXM1086, QXM1093, QXM1094, QXM1095, QXM1096, SA7255P, SA7775P, SA8255P, SA8620P, SA8770P, SA9000P, SAR1165P, SAR1250P, SAR2130P, SAR2230P, SD865 5G, Snapdragon 8 Elite Gen 5, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform, Snapdragon 870 5G Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon AR1+ Gen 1 Platform, Snapdragon X55 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SRV1H, SRV1M, SXR2230P, SXR2250P, WCD9378C, WCD9380, WCD9385, WCD9395, WCN3950, WCN7860, WCN7861, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, X2000077, X2000086, X2000090, X2000092, X2000094, XG101002, XG101032, XG101039 |
CVE-2025-47384
| CVE ID | CVE-2025-47384 |
| Title | Reachable Assertion in FW |
| Description | Transient DOS when MAC configures config id greater than supported maximum value. |
| Technology Area | FW |
| Vulnerability Type | CWE-617 Reachable Assertion |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | Medium |
| CVSS Score | 6.5 |
| CVSS String | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | 2025/03/25 |
| Customer Notified Date | 2025/09/01 |
| Affected Chipsets* | 5G Fixed Wireless Access Platform, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, QCA6391, QCA6574A, QCA6595AU, QCA6696, QCA6698AQ, QCM5430, QCM6490, Qualcomm® Video Collaboration VC3 Platform, SDX57M, SM7325P, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform, Snapdragon 782G Mobile Platform, Snapdragon 7c+ Gen 3 Compute, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform, Snapdragon 870 5G Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform, Snapdragon Auto 5G Modem-RF, Snapdragon X53 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3988, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2025-47385
| CVE ID | CVE-2025-47385 |
| Title | Improper Access Control for Register Interface in SCE-Mink |
| Description | Memory Corruption when accessing trusted execution environment without proper privilege check. |
| Technology Area | SCE-Mink |
| Vulnerability Type | CWE-1262: Improper Access Control for Register Interface |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2025/09/01 |
| Affected Chipsets* | FastConnect 6200, FastConnect 6700, FastConnect 6900, FastConnect 7800, G2 Gen 1, LeMans_AU_LGIT, LeMansAU, Milos, Netrani, Orne, Palawan25, Pandeiro, QAM8255P, QAM8295P, QAMSRV1H, QAMSRV1M, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6688AQ, QCA6696, QCA6698AQ, QCA6797AQ, QCA8695AU, QCA9367, QCA9377, QLN1083BD, QLN1086BD, QMP1000, QPA1083BD, QPA1086BD, QXM1083, QXM1086, QXM1093, QXM1094, QXM1095, QXM1096, SA6155P, SA7255P, SA7775P, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SAR1165P, SAR1250P, SAR2230P, SM7435, SM8750P, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Elite, Snapdragon AR1+ Gen 1 Platform, Snapdragon W5+ Gen 1 Wearable Platform, SRV1H, SRV1M, SW5100, SW5100P, SXR2330P, SXR2350P, WCD9370, WCD9375, WCD9378, WCD9380, WCD9385, WCD9395, WCN3950, WCN3988, WCN6450, WCN6755, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
CVE-2025-59603
| CVE ID | CVE-2025-59603 |
| Title | Out-of-bounds Write in Computer Vision |
| Description | Memory Corruption when processing invalid user address with nonstandard buffer address. |
| Technology Area | Computer Vision |
| Vulnerability Type | CWE-787: Out-of-bounds Write |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2025/12/01 |
| Affected Chipsets* | Cologne, FastConnect 6900, FastConnect 7800, QCA0000, SC8380XP, SD865 5G, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SXR2230P, SXR2250P, WCD9378C, WCD9380, WCD9385, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, X2000077, X2000086, X2000090, X2000092, X2000094, XG101002, XG101032, XG101039 |
CVE-2025-47371
| CVE ID | CVE-2025-47371 |
| Title | Reachable Assertion in Modem |
| Description | Transient DOS when an LTE RLC packet with invalid TB is received by UE. |
| Technology Area | Modem |
| Vulnerability Type | CWE-617 Reachable Assertion |
| Access Vector | Remote |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 6.5 |
| CVSS String | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | 2024/02/15 |
| Customer Notified Date | 2025/09/01 |
| Affected Chipsets* | 5G Fixed Wireless Access Platform, AR8035, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, FWA Gen 3 Ultra Platform, G1 Gen 1, Milos, Netrani, Orne, Palawan25, QCA6174A, QCA6391, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCC710, QCM2290, QCM4325, QCM4490, QCN6024, QCN6224, QCN6274, QCN9011, QCN9012, QCN9024, QCS2290, QCS4290, QCS4490, QCS8550, QFW7114, QFW7124, QMP1000, Robotics RB2 Platform, SD 8 Gen1 5G, SD662, SDX61, SDX71M, SM6225P, SM6250, SM6650P, SM7435, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8475P, SM8550P, SM8635, SM8635P, SM8650Q, SM8750P, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 690 5G Mobile Platform, Snapdragon 7 Gen 1 Mobile Platform, Snapdragon 7+ Gen 2 Mobile Platform, Snapdragon 7c Compute Platform, Snapdragon 7c Gen 2 Compute Platform "Rennell Pro", Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform, Snapdragon 870 5G Mobile Platform, Snapdragon Auto 5G Modem-RF, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon X55 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon X80 5G Modem-RF System, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3910, WCN3950, WCN3988, WCN6650, WCN6755, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
CVE-2025-47383
| CVE ID | CVE-2025-47383 |
| Title | Missing Cryptographic Step in Data Modem |
| Description | Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE. |
| Technology Area | Data Modem |
| Vulnerability Type | CWE-325: Missing Cryptographic Step |
| Access Vector | Remote |
| Security Rating | Medium |
| CVSS Rating | High |
| CVSS Score | 7.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2024/10/16 |
| Customer Notified Date | 2025/09/01 |
| Affected Chipsets* | 5G Fixed Wireless Access Platform, 9206 LTE Modem, 9207 LTE Modem, APQ8098, AQT1000, AR8035, C-V2X 9150, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, FSM100 Platform, FWA Gen 3 Ultra Platform, G1 Gen 1, MDM8207, MDM9250, MDM9628, MDM9640, Milos, Netrani, Orne, Palawan25, QCA6174A, QCA6391, QCA6420, QCA6430, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCA9367, QCA9377, QCC710, QCM2290, QCM4325, QCM4490, QCM5430, QCM6125, QCM6490, QCN6024, QCN6224, QCN6274, QCN9011, QCN9012, QCN9024, QCS2290, QCS4290, QCS4490, QCS8550, QEP8111, QFW7114, QFW7124, QMP1000, Qualcomm 215 Mobile Platform, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Robotics RB2 Platform, SD 8 Gen1 5G, SD626, SD662, SDA660, SDM429W, SDX57M, SDX61, SDX71M, SM6225P, SM6250, SM6650P, SM7325P, SM7435, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8475P, SM8550P, SM8635, SM8635P, SM8650Q, SM8750P, Smart Display 200 Platform, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 429 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 625 Mobile Platform, Snapdragon 626 Mobile Platform, Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 7 Gen 1 Mobile Platform, Snapdragon 7+ Gen 2 Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform, Snapdragon 782G Mobile Platform, Snapdragon 7c Compute Platform, Snapdragon 7c Gen 2 Compute Platform "Rennell Pro", Snapdragon 7c+ Gen 3 Compute, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 820 Automotive Platform, Snapdragon 820Am, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform, Snapdragon 870 5G Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform, Snapdragon 8c Compute Platform "Poipu Lite", Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite", Snapdragon 8cx Compute Platform, Snapdragon 8cx Compute Platform "Poipu Pro", Snapdragon 8cx Gen 2 5G Compute Platform, Snapdragon 8cx Gen 2 5G Compute Platform "Poipu Pro", Snapdragon Auto 5G Modem-RF, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X12 LTE Modem, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X5 LTE Modem, Snapdragon X53 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X70 Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon X80 5G Modem-RF System, Snapdragon Auto 4G Modem, SW5100, SW5100P, SW6100, SW6100P, Themisto, Vision Intelligence 100 Platform, Vision Intelligence 200 Platform, Vision Intelligence 400 Platform, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN6650, WCN6755, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
*The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.
Open Source Software Issues
The tables below summarize security vulnerabilities that were addressed through open source software
This table lists high impact security vulnerabilities. Patches are being actively shared with OEMs, who have been notified and strongly recommended to deploy those patches on released devices as soon as possible. Please contact the device manufacturer for information on the patching status of released devices.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2025-59600 | High | High | Graphics | Internal |
| CVE-2026-21385 | High | High | Graphics | 12/18/2025 |
This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2025-47375 | Medium | High | Automotive Audio | 05/13/2025 |
| CVE-2025-47376 | Medium | High | Automotive Audio | 05/13/2025 |
| CVE-2025-47377 | Medium | High | Automotive Audio | 05/13/2025 |
| CVE-2025-47379 | Medium | High | Automotive Audio | 05/12/2025 |
| CVE-2025-47381 | Medium | High | Automotive Audio | 05/12/2025 |
| CVE-2025-47386 | Medium | High | Automotive Audio | 05/13/2025 |
CVE-2025-59600
| CVE ID | CVE-2025-59600 |
| Title | Buffer Over-read in Graphics |
| Description | Memory Corruption when adding user-supplied data without checking available buffer space. |
| Technology Area | Graphics |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2025/12/01 |
| Affected Chipsets* | AR8031, AR8035, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6900, FastConnect 7800, G1 Gen 1, G2 Gen 1, IQ6 Series Platform, IQ8 Series Platform, IQ9 Series Platform, LeMans_AU_LGIT, LeMansAU, MDM9628, Milos, Monaco_IOT, Netrani, Orne, Palawan25, Pandeiro, QAM8255P, QAMSRV1H, QAMSRV1M, QCA2066, QCA6174A, QCA6391, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6688AQ, QCA6696, QCA6698AQ, QCA8081, QCA8337, QCM2290, QCM4325, QCM4490, QCM5430, QCM6125, QCM6490, QCN6024, QCN9011, QCN9012, QCN9024, QCS2290, QCS4290, QCS4490, QCS8550, QLN1083BD, QLN1086BD, QMP1000, QPA1083BD, QPA1086BD, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, QXM1083, QXM1086, QXM1093, QXM1094, QXM1095, QXM1096, SA4150P, SA4155P, SA6145P, SA6150P, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155P, SA8195P, SA8255P, SA8620P, SA8770P, SA9000P, SAR1165P, SAR1250P, SAR2130P, SAR2230P, SC8380XP, SD662, SD865 5G, SDX61, SM6225P, SM6650P, SM7435, SM7635P, SM7675, SM7675P, SM8635, SM8635P, SM8650Q, SM8750P, Smart Audio 400 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Elite Gen 5, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon AR1+ Gen 1 Platform, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X65 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SRV1H, SRV1M, SW5100, SW5100P, SW6100, SW6100P, SXR2230P, SXR2250P, SXR2330P, SXR2350P, Themisto, WCD9335, WCD9370, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3910, WCN3950, WCN3980, WCN3988, WCN6450, WCN6650, WCN6755, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
| Patch** |
CVE-2026-21385
| CVE ID | CVE-2026-21385 |
| Title | Integer Overflow or Wraparound in Graphics |
| Description | Memory corruption while using alignments for memory allocation. |
| Technology Area | Graphics |
| Vulnerability Type | CWE-190 Integer Overflow or Wraparound |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2025/12/18 |
| Customer Notified Date | 2026/02/02 |
| Affected Chipsets* | 5G Fixed Wireless Access Platform, APQ8098, AR8031, AR8035, C-V2X 9150, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, FSM100 Platform, G1 Gen 1, G2 Gen 1, IQ6 Series Platform, IQ8 Series Platform, IQ9 Series Platform, LeMans_AU_LGIT, LeMansAU, MDM9250, MDM9628, Milos, Monaco_IOT, Netrani, Orne, Palawan25, Pandeiro, QAM8255P, QAM8295P, QAMSRV1H, QAMSRV1M, QCA2066, QCA6174A, QCA6391, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCA8695AU, QCA9367, QCA9377, QCM2290, QCM4325, QCM4490, QCM5430, QCM6125, QCM6490, QCN6024, QCN9011, QCN9012, QCN9024, QCS2290, QCS4290, QCS4490, QCS8550, QLN1083BD, QLN1086BD, QMP1000, QPA1083BD, QPA1086BD, QRB5165M, QRB5165N, Qualcomm 215 Mobile Platform, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, QXM1083, QXM1086, QXM1093, QXM1094, QXM1095, QXM1096, Robotics RB2 Platform, Robotics RB5 Platform, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SAR1165P, SAR1250P, SAR2130P, SAR2230P, SC8380XP, SD 8 Gen1 5G, SD626, SD662, SD865 5G, SDA660, SDM429W, SDX61, SM6225P, SM6650P, SM7325P, SM7435, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8475P, SM8550P, SM8635, SM8635P, SM8650Q, SM8750P, Smart Audio 400 Platform, Smart Display 200 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 429 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 625 Mobile Platform, Snapdragon 626 Mobile Platform, Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 7 Gen 1 Mobile Platform, Snapdragon 7+ Gen 2 Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform, Snapdragon 782G Mobile Platform, Snapdragon 7c+ Gen 3 Compute, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Elite Gen 5, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 820 Automotive Platform, Snapdragon 820Am, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform, Snapdragon 870 5G Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon AR1+ Gen 1 Platform, Snapdragon Auto 5G Modem-RF, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X12 LTE Modem, Snapdragon X5 LTE Modem, Snapdragon X53 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SRV1H, SRV1M, SW5100, SW5100P, SW6100, SW6100P, SXR2230P, SXR2250P, SXR2330P, SXR2350P, Themisto, Vision Intelligence 100 Platform, Vision Intelligence 200 Platform, Vision Intelligence 400 Platform, WCD9326, WCD9330, WCD9335, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN6450, WCN6650, WCN6755, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
| Patch** |
CVE-2025-47375
| CVE ID | CVE-2025-47375 |
| Title | Use After Free in Automotive Audio |
| Description | Memory corruption while handling different IOCTL calls from the user-space simultaneously. |
| Technology Area | Automotive Audio |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2025/05/13 |
| Customer Notified Date | 2025/09/01 |
| Affected Chipsets* | AR8031, AR8035, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, FWA Gen 3 Ultra Platform, G1 Gen 1, LeMans_AU_LGIT, LeMansAU, MDM9250, MDM9628, Milos, QAM8255P, QAM8295P, QAMSRV1H, QAMSRV1M, QCA2066, QCA6174A, QCA6391, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCA8695AU, QCA9367, QCA9377, QCC710, QCM2290, QCM4325, QCM5430, QCM6125, QCM6490, QCN6224, QCN6274, QCN9011, QCN9012, QCS2290, QCS4290, QEP8111, QFW7114, QFW7124, QRB5165M, QRB5165N, Qualcomm 215 Mobile Platform, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, Robotics RB2 Platform, Robotics RB5 Platform, SA4150P, SA4155P, SA6145P, SA6150P, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SD662, SD865 5G, SDA660, SM6225P, SM6650P, SM7325P, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, Smart Audio 400 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform, Snapdragon 782G Mobile Platform, Snapdragon 7c+ Gen 3 Compute, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform, Snapdragon 870 5G Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform, Snapdragon Auto 5G Modem-RF, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X12 LTE Modem, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X53 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SRV1H, SRV1M, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN6450, WCN6650, WCN6755, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
| Patch** |
CVE-2025-47376
| CVE ID | CVE-2025-47376 |
| Title | Use After Free in Automotive Audio |
| Description | Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. |
| Technology Area | Automotive Audio |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2025/05/13 |
| Customer Notified Date | 2025/09/01 |
| Affected Chipsets* | AR8031, AR8035, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, FWA Gen 3 Ultra Platform, G1 Gen 1, LeMans_AU_LGIT, LeMansAU, MDM9250, MDM9628, Milos, QAM8255P, QAM8295P, QAMSRV1H, QAMSRV1M, QCA2066, QCA6174A, QCA6391, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCA8695AU, QCA9367, QCA9377, QCC710, QCM2290, QCM4325, QCM5430, QCM6125, QCM6490, QCN6224, QCN6274, QCN9011, QCN9012, QCS2290, QCS4290, QCS8550, QEP8111, QFW7114, QFW7124, QRB5165M, QRB5165N, Qualcomm 215 Mobile Platform, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, Robotics RB2 Platform, Robotics RB5 Platform, SA4150P, SA4155P, SA6145P, SA6150P, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SD662, SD865 5G, SDA660, SM6225P, SM6650P, SM7325P, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, Smart Audio 400 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform, Snapdragon 782G Mobile Platform, Snapdragon 7c+ Gen 3 Compute, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform, Snapdragon 870 5G Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform, Snapdragon Auto 5G Modem-RF, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X12 LTE Modem, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X53 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SRV1H, SRV1M, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN6450, WCN6650, WCN6755, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
| Patch** |
CVE-2025-47377
| CVE ID | CVE-2025-47377 |
| Title | Use After Free in Automotive Audio |
| Description | Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls. |
| Technology Area | Automotive Audio |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2025/05/13 |
| Customer Notified Date | 2025/09/01 |
| Affected Chipsets* | AR8035, FastConnect 6200, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, FWA Gen 3 Ultra Platform, G1 Gen 1, LeMans_AU_LGIT, LeMansAU, Milos, QAM8255P, QAM8295P, QAMSRV1H, QAMSRV1M, QCA6174A, QCA6391, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCA8695AU, QCA9367, QCA9377, QCC710, QCM2290, QCM4325, QCM6125, QCN6224, QCN6274, QCN9011, QCN9012, QCS2290, QCS4290, QCS8550, QEP8111, QFW7114, QFW7124, QRB5165N, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC5 Platform, Robotics RB5 Platform, SA6155P, SA7255P, SA7775P, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SD662, SM6225P, SM6650P, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, SRV1H, SRV1M, SW5100, SW5100P, SXR2330P, SXR2350P, WCD9340, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3910, WCN3950, WCN3980, WCN3988, WCN6450, WCN6650, WCN6755, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
| Patch** |
CVE-2025-47379
| CVE ID | CVE-2025-47379 |
| Title | Use After Free in Automotive Audio |
| Description | Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources. |
| Technology Area | Automotive Audio |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2025/05/12 |
| Customer Notified Date | 2025/09/01 |
| Affected Chipsets* | 5G Fixed Wireless Access Platform, AR8031, AR8035, C-V2X 9150, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, FWA Gen 3 Ultra Platform, G1 Gen 1, LeMans_AU_LGIT, LeMansAU, MDM9250, MDM9628, Milos, QAM8255P, QAM8295P, QAMSRV1H, QAMSRV1M, QCA2066, QCA6174A, QCA6391, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCA8695AU, QCA9367, QCA9377, QCC710, QCM2290, QCM4325, QCM5430, QCM6125, QCM6490, QCN6224, QCN6274, QCN9011, QCN9012, QCS2290, QCS4290, QCS8550, QEP8111, QFW7114, QFW7124, QRB5165M, QRB5165N, Qualcomm 215 Mobile Platform, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, Robotics RB2 Platform, Robotics RB5 Platform, SA2150P, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SD662, SD865 5G, SDA660, SM6225P, SM6650P, SM7325P, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, Smart Audio 400 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform, Snapdragon 782G Mobile Platform, Snapdragon 7c+ Gen 3 Compute, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform, Snapdragon 870 5G Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform, Snapdragon Auto 5G Modem-RF, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X12 LTE Modem, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X53 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon Auto 4G Modem, SRV1H, SRV1M, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN6450, WCN6650, WCN6755, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
| Patch** |
CVE-2025-47381
| CVE ID | CVE-2025-47381 |
| Title | Use After Free in Automotive Audio |
| Description | Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs. |
| Technology Area | Automotive Audio |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2025/05/12 |
| Customer Notified Date | 2025/09/01 |
| Affected Chipsets* | LeMans_AU_LGIT, LeMansAU, QAM8255P, QAMSRV1H, QAMSRV1M, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6688AQ, QCA6696, QCA9367, QCA9377, SA6155P, SA7255P, SA7775P, SA8155P, SA8195P, SA8255P, SA8620P, SA8770P, SA9000P, SRV1H, SRV1M |
| Patch** |
CVE-2025-47386
| CVE ID | CVE-2025-47386 |
| Title | Use After Free in Automotive Audio |
| Description | Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs. |
| Technology Area | Automotive Audio |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2025/05/13 |
| Customer Notified Date | 2025/09/01 |
| Affected Chipsets* | AR8031, AR8035, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, FWA Gen 3 Ultra Platform, G1 Gen 1, LeMans_AU_LGIT, LeMansAU, MDM9250, MDM9628, Milos, QAM8255P, QAM8295P, QAMSRV1H, QAMSRV1M, QCA2066, QCA6174A, QCA6391, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6698AU, QCA6797AQ, QCA8081, QCA8337, QCA8695AU, QCA9367, QCA9377, QCC710, QCM2290, QCM4325, QCM5430, QCM6125, QCM6490, QCN6224, QCN6274, QCN9011, QCN9012, QCS2290, QCS4290, QCS8550, QEP8111, QFW7114, QFW7124, QRB5165M, QRB5165N, Qualcomm 215 Mobile Platform, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, Robotics RB2 Platform, Robotics RB5 Platform, SA4150P, SA4155P, SA6145P, SA6150P, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SD662, SD865 5G, SDA660, SM6225P, SM6650P, SM7325P, SM7550, SM7550P, SM7635P, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, Smart Audio 400 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 6 Gen 4 Mobile Platform, Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform, Snapdragon 782G Mobile Platform, Snapdragon 7c+ Gen 3 Compute, Snapdragon 7s Gen 3 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform, Snapdragon 870 5G Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform, Snapdragon Auto 5G Modem-RF, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X12 LTE Modem, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X53 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SRV1H, SRV1M, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN6450, WCN6650, WCN6755, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
| Patch** |
* The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.
** Data is generated only at the time of bulletin creation
Industry Coordination
Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:
- Consideration of security protections such as SELinux not enforced on some platforms
- Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel
All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.
Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.
This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.
Qualcomm Technologies, Inc.
San Diego, CA 92121
U.S.A.
© 2022 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.
- Table of Contents
- Announcements
- Acknowledgements
- Proprietary Software Issues
- CVE-2025-47373
- CVE-2025-47378
- CVE-2025-47384
- CVE-2025-47385
- CVE-2025-59603
- CVE-2025-47371
- CVE-2025-47383
- Open Source Software Issues
- CVE-2025-59600
- CVE-2026-21385
- CVE-2025-47375
- CVE-2025-47376
- CVE-2025-47377
- CVE-2025-47379
- CVE-2025-47381
- CVE-2025-47386
- Industry Coordination
