Fastconnect 6900 Firmware
CVE-2025-47368
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing.
AnalysisAI
Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-126. Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing. Affected products include: Qualcomm Fastconnect 6900 Firmware, Qualcomm Fastconnect 7800 Firmware, Qualcomm Sc8380Xp Firmware, Qualcomm Wcd9380 Firmware, Qualcomm Wcd9385 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Fastconnect 6900 Firmware
View allQualcomm GPU micronode contains a memory corruption vulnerability (CVE-2025-21480, CVSS 8.6) caused by unauthorized comm
A second Qualcomm GPU micronode memory corruption vulnerability (CVE-2025-21479, CVSS 8.6) exists in the unauthorized co
A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memo
Cryptographic issue occurs due to use of insecure connection method while downloading.
Memory corruption while taking snapshot when an offset variable is set by camera driver. Rated high severity (CVSS 8.4),
Cryptographic issue may occur while encrypting license data. [CVSS 8.4 HIGH]
Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t
CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoL
CVE-2024-53021 is an information disclosure vulnerability in RTCP (Real-time Transport Control Protocol) packet processi
CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that o
Network-based information disclosure vulnerability in RTP (Real-time Transport Protocol) packet decoding that occurs whe
Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
Same weakness CWE-126 – Buffer Over-read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today