CVE-2025-47344

6.7 MEDIUM

📋 TL;DR

This CVE describes a memory corruption vulnerability in Qualcomm sensor utility operations that could allow attackers to execute arbitrary code or cause denial of service. The vulnerability affects devices using Qualcomm chipsets with vulnerable sensor drivers. This primarily impacts mobile devices, IoT devices, and embedded systems using affected Qualcomm hardware.

💻 Affected Systems

Products:

• Qualcomm chipsets with sensor processing units

Versions: Specific versions not detailed in reference; check Qualcomm advisory for affected chipset models

Operating Systems: Android, Linux-based embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using Qualcomm sensor drivers; vulnerability is in chipset firmware/drivers, not application software.

📦 What is this software?

Csra6620 Firmware by Qualcomm

View all CVEs affecting Csra6620 Firmware →

Csra6640 Firmware by Qualcomm

View all CVEs affecting Csra6640 Firmware →

Fastconnect 6200 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6200 Firmware →

Fastconnect 6700 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6700 Firmware →

Fastconnect 6900 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6900 Firmware →

Fastconnect 7800 Firmware by Qualcomm

View all CVEs affecting Fastconnect 7800 Firmware →

Qca6574 Firmware by Qualcomm

View all CVEs affecting Qca6574 Firmware →

Qca6574a Firmware by Qualcomm

View all CVEs affecting Qca6574a Firmware →

Qca6574au Firmware by Qualcomm

View all CVEs affecting Qca6574au Firmware →

Qca6595au Firmware by Qualcomm

View all CVEs affecting Qca6595au Firmware →

Qca6696 Firmware by Qualcomm

View all CVEs affecting Qca6696 Firmware →

Qca6698aq Firmware by Qualcomm

View all CVEs affecting Qca6698aq Firmware →

Qcm4490 Firmware by Qualcomm

View all CVEs affecting Qcm4490 Firmware →

Qcm5430 Firmware by Qualcomm

View all CVEs affecting Qcm5430 Firmware →

Qcm6490 Firmware by Qualcomm

View all CVEs affecting Qcm6490 Firmware →

Qcs4490 Firmware by Qualcomm

View all CVEs affecting Qcs4490 Firmware →

Qcs5430 Firmware by Qualcomm

View all CVEs affecting Qcs5430 Firmware →

Qcs615 Firmware by Qualcomm

View all CVEs affecting Qcs615 Firmware →

Qcs6490 Firmware by Qualcomm

View all CVEs affecting Qcs6490 Firmware →

Qcs8550 Firmware by Qualcomm

View all CVEs affecting Qcs8550 Firmware →

Qcs9100 Firmware by Qualcomm

View all CVEs affecting Qcs9100 Firmware →

Qmp1000 Firmware by Qualcomm

View all CVEs affecting Qmp1000 Firmware →

Robotics Rb2 Platform Firmware by Qualcomm

View all CVEs affecting Robotics Rb2 Platform Firmware →

Sa6155p Firmware by Qualcomm

View all CVEs affecting Sa6155p Firmware →

Sa8155p Firmware by Qualcomm

View all CVEs affecting Sa8155p Firmware →

Sa8195p Firmware by Qualcomm

View all CVEs affecting Sa8195p Firmware →

Sm4635 Firmware by Qualcomm

View all CVEs affecting Sm4635 Firmware →

Sm6650 Firmware by Qualcomm

View all CVEs affecting Sm6650 Firmware →

Sm6650p Firmware by Qualcomm

View all CVEs affecting Sm6650p Firmware →

Sm7635 Firmware by Qualcomm

View all CVEs affecting Sm7635 Firmware →

Sm7635p Firmware by Qualcomm

View all CVEs affecting Sm7635p Firmware →

Sm7675 Firmware by Qualcomm

View all CVEs affecting Sm7675 Firmware →

Sm7675p Firmware by Qualcomm

View all CVEs affecting Sm7675p Firmware →

Sm8635 Firmware by Qualcomm

View all CVEs affecting Sm8635 Firmware →

Sm8635p Firmware by Qualcomm

View all CVEs affecting Sm8635p Firmware →

Sm8650q Firmware by Qualcomm

View all CVEs affecting Sm8650q Firmware →

Sm8735 Firmware by Qualcomm

View all CVEs affecting Sm8735 Firmware →

Sm8750 Firmware by Qualcomm

View all CVEs affecting Sm8750 Firmware →

Sm8750p Firmware by Qualcomm

View all CVEs affecting Sm8750p Firmware →

Snapdragon 4 Gen 1 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 4 Gen 1 Mobile Platform Firmware →

Snapdragon 4 Gen 2 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 4 Gen 2 Mobile Platform Firmware →

Snapdragon 480 5g Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 480 5g Mobile Platform Firmware →

Snapdragon 480\+ 5g Mobile Platform \(sm4350 Ac\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 480\+ 5g Mobile Platform \(sm4350 Ac\) Firmware →

Snapdragon 662 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 662 Mobile Platform Firmware →

Snapdragon 680 4g Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 680 4g Mobile Platform Firmware →

Snapdragon 685 4g Mobile Platform \(sm6225 Ad\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 685 4g Mobile Platform \(sm6225 Ad\) Firmware →

Snapdragon 695 5g Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 695 5g Mobile Platform Firmware →

Snapdragon 8 Gen 3 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 3 Mobile Platform Firmware →

Snapdragon Ar1 Gen 1 Platform \"luna1\" Firmware by Qualcomm

View all CVEs affecting Snapdragon Ar1 Gen 1 Platform \"luna1\" Firmware →

Snapdragon Ar1 Gen 1 Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon Ar1 Gen 1 Platform Firmware →

Snapdragon Ar2 Gen 1 Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon Ar2 Gen 1 Platform Firmware →

Sxr2230p Firmware by Qualcomm

View all CVEs affecting Sxr2230p Firmware →

Sxr2250p Firmware by Qualcomm

View all CVEs affecting Sxr2250p Firmware →

Sxr2330p Firmware by Qualcomm

View all CVEs affecting Sxr2330p Firmware →

Sxr2350p Firmware by Qualcomm

View all CVEs affecting Sxr2350p Firmware →

Video Collaboration Vc3 Platform Firmware by Qualcomm

View all CVEs affecting Video Collaboration Vc3 Platform Firmware →

Wcd9335 Firmware by Qualcomm

View all CVEs affecting Wcd9335 Firmware →

Wcd9370 Firmware by Qualcomm

View all CVEs affecting Wcd9370 Firmware →

Wcd9375 Firmware by Qualcomm

View all CVEs affecting Wcd9375 Firmware →

Wcd9378 Firmware by Qualcomm

View all CVEs affecting Wcd9378 Firmware →

Wcd9380 Firmware by Qualcomm

View all CVEs affecting Wcd9380 Firmware →

Wcd9385 Firmware by Qualcomm

View all CVEs affecting Wcd9385 Firmware →

Wcd9390 Firmware by Qualcomm

View all CVEs affecting Wcd9390 Firmware →

Wcd9395 Firmware by Qualcomm

View all CVEs affecting Wcd9395 Firmware →

Wcn3950 Firmware by Qualcomm

View all CVEs affecting Wcn3950 Firmware →

Wcn3988 Firmware by Qualcomm

View all CVEs affecting Wcn3988 Firmware →

Wcn6650 Firmware by Qualcomm

View all CVEs affecting Wcn6650 Firmware →

Wcn6740 Firmware by Qualcomm

View all CVEs affecting Wcn6740 Firmware →

Wcn6755 Firmware by Qualcomm

View all CVEs affecting Wcn6755 Firmware →

Wcn7750 Firmware by Qualcomm

View all CVEs affecting Wcn7750 Firmware →

Wcn7860 Firmware by Qualcomm

View all CVEs affecting Wcn7860 Firmware →

Wcn7861 Firmware by Qualcomm

View all CVEs affecting Wcn7861 Firmware →

Wcn7880 Firmware by Qualcomm

View all CVEs affecting Wcn7880 Firmware →

Wcn7881 Firmware by Qualcomm

View all CVEs affecting Wcn7881 Firmware →

Wsa8810 Firmware by Qualcomm

View all CVEs affecting Wsa8810 Firmware →

Wsa8815 Firmware by Qualcomm

View all CVEs affecting Wsa8815 Firmware →

Wsa8830 Firmware by Qualcomm

View all CVEs affecting Wsa8830 Firmware →

Wsa8832 Firmware by Qualcomm

View all CVEs affecting Wsa8832 Firmware →

Wsa8835 Firmware by Qualcomm

View all CVEs affecting Wsa8835 Firmware →

Wsa8840 Firmware by Qualcomm

View all CVEs affecting Wsa8840 Firmware →

Wsa8845 Firmware by Qualcomm

View all CVEs affecting Wsa8845 Firmware →

Wsa8845h Firmware by Qualcomm

View all CVEs affecting Wsa8845h Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Local privilege escalation from user to kernel space, potentially allowing app sandbox escape and access to sensitive sensor data.

🟢

If Mitigated

Denial of service through system crash or reboot if memory corruption is triggered but exploitation fails.

🌐 Internet-Facing: LOW - Requires local access or malicious app installation; not directly exploitable over network.

🏢 Internal Only: MEDIUM - Malicious apps or compromised users could exploit this for privilege escalation within the device.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access or malicious app; memory corruption vulnerabilities often require specific conditions to achieve reliable exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check device manufacturer updates for specific firmware versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates 2. Apply Qualcomm-provided patches through OEM updates 3. Reboot device after update installation

🔧 Temporary Workarounds

Restrict sensor permissions

android

Limit which apps can access sensor data to reduce attack surface

Copy

adb shell pm revoke <package_name> android.permission.BODY_SENSORS
adb shell pm revoke <package_name> android.permission.ACTIVITY_RECOGNITION

Disable unnecessary sensors

all

Turn off sensors not required for device operation

🧯 If You Can't Patch

• Implement strict app vetting and only install from trusted sources
• Use mobile device management (MDM) to enforce security policies and monitor for suspicious behavior

🔍 How to Verify

Check if Vulnerable:

Copy

Check device chipset model and firmware version against Qualcomm's affected products list

Check Version:

Copy

adb shell getprop ro.bootloader (Android) or cat /proc/cpuinfo (Linux)

Verify Fix Applied:

Copy

Verify firmware version has been updated to a version after the patch release date

📡 Detection & Monitoring

Log Indicators:

• Kernel panic logs
• Sensor service crashes
• Unexpected memory access violations in system logs

Network Indicators:

• Unusual sensor data exfiltration patterns

SIEM Query:

Copy

source="kernel" AND ("panic" OR "oops") AND "sensor"

📊 Metadata

CVE ID: CVE-2025-47344

CVSS v3 Score: 6.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-367

EPSS Score: 0.01% exploit probability (2.1th percentile)

Published: January 7, 2026

Last Updated: January 27, 2026

🔗 References

• https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html Vendor Advisory,Patch

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-47344, you might also want to check these:

CVE-2026-25641 10.0

CVE-2026-25641 is a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attack...

Same vulnerability type (CWE-367)

CVE-2025-64180 10.0

A critical TOCTOU vulnerability in Manager accounting software allows attackers to bypass DNS valida...

Same vulnerability type (CWE-367)

CVE-2025-13032 9.9

A double fetch vulnerability in the sandbox kernel driver of Avast/AVG Antivirus on Windows allows l...

Same vulnerability type (CWE-367)