CVE-2025-47335

Q: What is the severity of CVE-2025-47335?

CVE-2025-47335 has a CVSS score of 6.7 (MEDIUM). This CVE describes a memory corruption vulnerability in Qualcomm hardware clock configuration parsing. Attackers could potentially execute arbitrary code or cause denial of service by sending specially crafted clock configuration data. This affects devices using specific Qualcomm hardware components.

6.7 MEDIUM

Buffer Overflow

📋 TL;DR

This CVE describes a memory corruption vulnerability in Qualcomm hardware clock configuration parsing. Attackers could potentially execute arbitrary code or cause denial of service by sending specially crafted clock configuration data. This affects devices using specific Qualcomm hardware components.

💻 Affected Systems

Products:

Qualcomm hardware with specific clock management components

Versions: Specific versions not specified in provided reference

Operating Systems: Android, Linux-based systems using Qualcomm hardware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with specific Qualcomm hardware that processes clock configuration data. Exact product list requires checking Qualcomm advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Denial of service causing system crashes or instability in affected hardware components.

🟢

If Mitigated

Limited impact with proper input validation and memory protection mechanisms in place.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending malformed clock configuration data to vulnerable hardware component.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm January 2026 security bulletin for specific versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected products. 2. Obtain firmware/software updates from device manufacturer. 3. Apply updates following manufacturer instructions. 4. Reboot affected devices.

🔧 Temporary Workarounds

Input validation enhancement

all

Implement additional validation for clock configuration data inputs

Memory protection

linux

Enable ASLR and other memory protection mechanisms

🧯 If You Can't Patch

Isolate affected systems from untrusted networks
Implement strict access controls to prevent unauthorized access to clock configuration interfaces

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm advisory and manufacturer security updates

Check Version:

Device-specific commands vary by manufacturer (e.g., 'getprop ro.build.version.security_patch' for Android)

Verify Fix Applied:

Verify firmware version matches patched version from manufacturer

📡 Detection & Monitoring

Log Indicators:

Unexpected system crashes
Hardware component failures
Memory access violations in kernel logs

Network Indicators:

Unusual traffic to hardware management interfaces
Malformed configuration packets

SIEM Query:

Search for: (event_category="system_crash" OR "kernel_panic") AND (process_name contains "clock" OR "hardware_manager")

📊 Metadata

CVE ID: CVE-2025-47335

CVSS v3 Score: 6.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

EPSS Score: 0.02% exploit probability (2.7th percentile)

Published: January 7, 2026

Last Updated: January 27, 2026

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs615 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs9100 Firmware by Qualcomm

Qmp1000 Firmware by Qualcomm

Sm6650 Firmware by Qualcomm

Sm6650p Firmware by Qualcomm

Sm7635 Firmware by Qualcomm

Sm7635p Firmware by Qualcomm

Sm7675 Firmware by Qualcomm

Sm7675p Firmware by Qualcomm

Sm8635 Firmware by Qualcomm

Sm8635p Firmware by Qualcomm

Sm8650q Firmware by Qualcomm

Sm8735 Firmware by Qualcomm

Sm8750 Firmware by Qualcomm

Sm8750p Firmware by Qualcomm

Snapdragon 8 Gen 3 Mobile Platform Firmware by Qualcomm

Video Collaboration Vc3 Platform Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9378 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcd9390 Firmware by Qualcomm

Wcd9395 Firmware by Qualcomm

Wcn6650 Firmware by Qualcomm

Wcn6755 Firmware by Qualcomm

Wcn7750 Firmware by Qualcomm

Wcn7860 Firmware by Qualcomm

Wcn7861 Firmware by Qualcomm

Wcn7880 Firmware by Qualcomm

Wcn7881 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm

Wsa8840 Firmware by Qualcomm

Wsa8845 Firmware by Qualcomm

Wsa8845h Firmware by Qualcomm