CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
Description (NVD)
Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling.
Analysis (AI)
A use-after-free in the Qualcomm Snapdragon SDK causes memory corruption when concurrent fence deregistration and signal handling operations access freed memory, allowing authenticated local attackers with low privileges to achieve information disclosure and integrity/availability compromise. The CVSS score of 6.5 reflects a local attack vector with high attack complexity; no public exploit code or active exploitation was confirmed at the time of analysis.
Technical Context (AI)
This vulnerability stems from a use-after-free condition (CWE-416) in Qualcomm Snapdragon's memory management subsystem, specifically in the interaction between fence (synchronization primitive) deregistration logic and signal handling routines. The root cause involves improper synchronization or timing of memory deallocation: a fence object is freed while signal handlers or concurrent deregistration code paths still hold references to it. When the freed memory is subsequently accessed, it may contain attacker-controlled or uninitialized data, leading to potential code execution or data corruption. The vulnerability is classified under memory corruption and buffer overflow categories, indicating that the use-after-free may enable writing beyond intended boundaries or executing arbitrary instructions within the same process context.
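The lifetime rule that this class of race violates, as an added example: it is not Qualcomm's code or its patch, and every name in it (`fence_get`, `fence_put`, `registry`, `MAX_FENCES`) is hypothetical. The signal path takes its reference inside the same critical section as the lookup, so a concurrent deregistration can only unpublish the fence, and the free is deferred to the last holder.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

/* Hypothetical fence registry; names and layout are assumptions. */
#define MAX_FENCES 8
struct fence { atomic_int refs, signaled; };   /* registry holds one ref */
static struct fence *registry[MAX_FENCES];
static pthread_mutex_t reg_lock = PTHREAD_MUTEX_INITIALIZER;

/* Drop one reference; only the last holder frees the object. */
void fence_put(struct fence *f) { if (atomic_fetch_sub(&f->refs, 1) == 1) free(f); }

/* Publish f (NULL unpublishes) under the lock, then release the old entry. */
static int slot_swap(unsigned id, struct fence *f) {
    if (id >= MAX_FENCES) return -1;
    pthread_mutex_lock(&reg_lock);
    struct fence *old = registry[id];
    registry[id] = f;
    pthread_mutex_unlock(&reg_lock);
    if (old) fence_put(old);                   /* the registry's reference */
    return 0;
}

int fence_register(unsigned id) {
    struct fence *f = calloc(1, sizeof *f);
    if (!f) return -1;
    atomic_init(&f->refs, 1);                  /* the registry's own reference */
    if (slot_swap(id, f) == 0) return 0;
    free(f);                                   /* bad id: never published */
    return -1;
}
int fence_deregister(unsigned id) { return slot_swap(id, NULL); }

/* Lookup and reference acquisition share one critical section. */
struct fence *fence_get(unsigned id) {
    if (id >= MAX_FENCES) return NULL;
    pthread_mutex_lock(&reg_lock);
    struct fence *f = registry[id];
    if (f) atomic_fetch_add(&f->refs, 1);      /* pin before the lock drops */
    pthread_mutex_unlock(&reg_lock);
    return f;
}

int fence_signal(unsigned id) {
    struct fence *f = fence_get(id);
    if (!f) return -1;                         /* already deregistered */
    atomic_store(&f->signaled, 1);             /* safe: our reference pins f */
    fence_put(f);
    return 0;
}
```

The unsafe variant of this pattern is a lookup that returns the raw pointer without taking a reference, which leaves a window between finding the fence and using it in which deregistration can free it.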
Remediation (AI)
Apply the security update provided in Qualcomm's April 2026 Security Bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html), which contains the patched Snapdragon SDK version addressing the concurrent fence deregistration issue. If immediate patching is not feasible, restrict local access to Snapdragon SDK components and disable or isolate signal handling routines that interact with fence deregistration where operationally safe. Monitor Qualcomm's advisory for platform-specific patch availability (mobile firmware OTA updates, SoC silicon revisions, SDK point releases) as remediation timelines vary across Snapdragon product tiers.
EUVD-2025-209222