Skip to main content

X2000086 Firmware CVE-2025-47399

HIGH
Classic Buffer Overflow (CWE-120)
2026-02-02 product-security@qualcomm.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:01 vuln.today
CVE Published
Feb 02, 2026 - 16:16 nvd
HIGH 7.8

DescriptionCVE.org

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.

AnalysisAI

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters. [CVSS 7.8 HIGH]

Technical ContextAI

Classified as CWE-120 (Classic Buffer Overflow). Affects Cologne Firmware. Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

CVE-2025-47380 HIGH
7.8 Jan 07

Memory corruption while preprocessing IOCTLs in sensors. [CVSS 7.8 HIGH]

CVE-2025-47356 HIGH
7.8 Jan 07

Memory Corruption when multiple threads concurrently access and modify shared resources. [CVSS 7.8 HIGH]

CVE-2025-47343 HIGH
7.8 Jan 07

Video Collaboration Vc3 Platform Firmware versions up to - contains a security vulnerability (CVSS 7.8).

CVE-2025-59603 HIGH
7.8 Mar 02

Memory Corruption when processing invalid user address with nonstandard buffer address. [CVSS 7.8 HIGH]

CVE-2025-47373 HIGH
7.8 Mar 02

Memory Corruption when accessing buffers with invalid length during TA invocation. [CVSS 7.8 HIGH]

CVE-2025-47359 HIGH
7.8 Feb 02

Memory Corruption when multiple threads simultaneously access a memory free API. [CVSS 7.8 HIGH]

CVE-2025-47358 HIGH
7.8 Feb 02

Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inad

CVE-2025-47378 HIGH
7.1 Mar 02

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain. [CVSS 7.1 HIGH]

CVE-2025-47402 MEDIUM
6.5 Feb 02

Transient DOS when processing a received frame with an excessively large authentication information element. [CVSS 6.5 M

CVE-2025-47367 HIGH
7.8 Nov 04

Memory corruption while accessing a buffer during IOCTL processing. Rated high severity (CVSS 7.8), this vulnerability i

CVE-2025-47352 HIGH
7.8 Nov 04

Memory corruption while processing audio streaming operations. Rated high severity (CVSS 7.8), this vulnerability is low

Share

CVE-2025-47399 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy