CVE-2025-47332

6.7 MEDIUM

📋 TL;DR

This vulnerability involves memory corruption when processing configuration calls from userspace in Qualcomm components, potentially allowing local attackers to execute arbitrary code or cause denial of service. It affects systems with Qualcomm chipsets that have vulnerable drivers or firmware. The impact is limited to attackers with local access to the affected system.

💻 Affected Systems

Products:
  • Qualcomm chipsets with vulnerable drivers/firmware
Versions: Specific versions not detailed in reference; check Qualcomm advisory for affected chipset models and driver versions.
Operating Systems: Android, Linux-based systems using Qualcomm components
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where Qualcomm drivers or firmware handle userspace configuration calls. Exact configurations depend on chipset integration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation to kernel mode, allowing complete system compromise and persistence.

🟠 Likely Case: Local denial of service (system crash) or limited information disclosure from kernel memory.

🟢 If Mitigated: No impact if proper access controls prevent unauthorized users from making configuration calls.

🌐 Internet-Facing: LOW - Requires local access to the system, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this for privilege escalation or DoS.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of memory corruption techniques. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm security bulletin for specific patched driver/firmware versions.

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html

Restart Required: Yes

Instructions:

1. Review Qualcomm security bulletin for affected chipset models.
2. Obtain updated drivers/firmware from device manufacturer or Qualcomm.
3. Apply patches according to vendor instructions.
4. Reboot system to load patched components.

🔧 Temporary Workarounds

Restrict userspace access (Linux)

Limit which users or processes can make configuration calls to vulnerable drivers.

  • Use SELinux/AppArmor policies to restrict access to Qualcomm driver interfaces.
  • Implement mandatory access controls on /dev nodes related to Qualcomm.

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized users from interacting with Qualcomm driver interfaces.
  • Monitor system logs for unusual configuration call patterns or memory corruption warnings.

🔍 How to Verify

Check if Vulnerable:

Check Qualcomm chipset model and driver versions against the security bulletin. Use 'lsmod | grep qualcomm' or similar to identify loaded Qualcomm modules.

Check Version:

For Linux: 'modinfo <qualcomm_module>' or check /sys/class/... for firmware versions. For Android: check build properties or vendor security patches.

Verify Fix Applied:

Verify that Qualcomm driver/firmware versions match patched versions listed in the advisory. Check system logs for absence of memory corruption errors after patch.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs mentioning Qualcomm drivers
  • Memory corruption warnings in dmesg or system logs
  • Unexpected process crashes related to configuration calls

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Search for 'qualcomm' AND ('panic' OR 'corruption' OR 'oops') in kernel logs.
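
The query above applied to dmesg-style kernel logs, as an added example that is not part of the original advisory or any vendor tooling. A kernel oops spans several lines, so the vendor term and the fault term are correlated within a short time window rather than on a single line. Assumptions: the `qcom` and `msm` driver-name prefixes, the 2-second window, and the constructed sample log with its hypothetical module name `example_qcom_cfg`.

```python
import re

# 'qualcomm' comes from the page's query; 'qcom' and 'msm' are an added
# assumption (common Qualcomm driver-name prefixes on Linux/Android).
VENDOR = re.compile(r"qualcomm|qcom|\bmsm", re.I)
# Fault terms are taken from the page's query.
FAULT = re.compile(r"panic|corruption|oops", re.I)
# dmesg-style prefix: "[  123.456789] message"
STAMP = re.compile(r"^\[\s*(\d+\.\d+)\]\s*(.*)$")


def parse(lines):
    """Yield (seconds_since_boot, message) for lines carrying a timestamp."""
    for line in lines:
        m = STAMP.match(line)
        if m:
            yield float(m.group(1)), m.group(2)


def find_incidents(lines, window=2.0):
    """Return fault lines that have a vendor term within `window` seconds."""
    events = list(parse(lines))
    vendor_times = [t for t, msg in events if VENDOR.search(msg)]
    return [
        (t, msg)
        for t, msg in events
        if FAULT.search(msg) and any(abs(t - v) <= window for v in vendor_times)
    ]


# Constructed sample log, not captured from a real device.
SAMPLE = [
    "[  812.104233] Unable to handle kernel paging request at virtual address ffffffc0deadbeef",
    "[  812.104301] Internal error: Oops: 96000045 [#1] PREEMPT SMP",
    "[  812.104377] Modules linked in: example_qcom_cfg(O)",
    "[  812.105012] Kernel panic - not syncing: Fatal exception",
    "[ 1500.000100] EXT4-fs error (device sda1): block bitmap corruption detected",
    "[ 2000.500000] usb 1-1: new high-speed USB device number 2",
]

if __name__ == "__main__":
    for t, msg in find_incidents(SAMPLE):
        print(f"{t:.6f}  {msg}")
```

On this sample a strict per-line match finds nothing, because no single line carries both a vendor term and a fault term; the windowed match flags the oops and the panic and skips the unrelated filesystem corruption message.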
