Skip to main content

Qualcomm Snapdragon CVE-2025-47401

| EUVDEUVD-2025-209626 MEDIUM
Buffer Over-read (CWE-126)
2026-05-04 qualcomm
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 04, 2026 - 17:49 vuln.today
EUVD ID Assigned
May 04, 2026 - 17:15 euvd
EUVD-2025-209626
Analysis Generated
May 04, 2026 - 17:15 vuln.today
CVE Published
May 04, 2026 - 16:43 nvd
MEDIUM 6.5

DescriptionCVE.org

Transient DOS when processing target power rate tables during channel configuration.

AnalysisAI

Transient denial of service in Qualcomm Snapdragon occurs during target power rate table processing when configuring wireless channels, caused by a buffer over-read vulnerability. The vulnerability affects all Snapdragon versions and requires adjacent network access with no authentication or user interaction, resulting in service interruption but no data compromise or unauthorized access.

Technical ContextAI

The vulnerability stems from a CWE-126 buffer over-read condition in the wireless channel configuration subsystem, specifically within the target power rate table parser. This is a classic bounds-checking failure where the code reads beyond allocated memory boundaries during processing of power regulation parameters used in RF (radio frequency) channel setup. The affected component is part of Qualcomm's Snapdragon system-on-chip (SoC) architecture, which handles cellular baseband and wireless protocol processing. The attack surface is the wireless configuration interface, which processes channel parameters including power rate tables transmitted from the network or local wireless management interfaces.

RemediationAI

Obtain and apply the Qualcomm Snapdragon firmware update released in May 2026 Security Bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html), which addresses the buffer over-read condition in the power rate table parser. Exact patched firmware versions are not yet specified in available data; consult the bulletin for OEM-specific and device-model-specific update packages. As an interim compensating control, disable wireless dynamic channel configuration features if supported by your device or restrict RF parameter updates to authenticated network sources only. Organizations managing Snapdragon-based devices (smartphones, tablets, network appliances, automotive systems) should prioritize firmware update deployment based on device criticality and wireless exposure.

CVE-2026-25293 CRITICAL
9.6 May 04

Buffer overflow in Qualcomm Snapdragon firmware enables authentication bypass on adjacent networks, allowing remote unau

CVE-2026-25277 HIGH
8.8 Jun 01

Memory corruption in Qualcomm Snapdragon Strongbox component allows local low-privileged attackers to trigger a buffer o

CVE-2026-25276 HIGH
8.8 Jun 01

Local privilege escalation in Qualcomm Snapdragon chipsets stems from an out-of-bounds memory access in the Strongbox tr

CVE-2025-47392 HIGH
8.8 Apr 06

Memory corruption in Qualcomm Snapdragon chipsets allows adjacent network attackers to achieve arbitrary code execution

CVE-2026-24088 HIGH
8.2 Jun 01

Bootloader integrity bypass in Qualcomm Snapdragon platforms allows a high-privileged local attacker to write to a speci

CVE-2026-25259 HIGH
7.8 Jun 01

Local privilege escalation in Qualcomm Snapdragon platforms is possible through memory corruption when processing multip

CVE-2026-25258 HIGH
7.8 Jun 01

Local privilege escalation in Qualcomm Snapdragon platforms stems from an out-of-bounds read (CWE-125) triggered during

CVE-2025-59606 HIGH
7.8 Jun 01

Local privilege escalation and memory corruption in Qualcomm Snapdragon platforms allows an attacker with low-privileged

CVE-2025-59605 HIGH
7.8 Jun 01

Local privilege escalation via memory corruption in Qualcomm Snapdragon platform components allows an authenticated low-

CVE-2025-59604 HIGH
7.8 Jun 01

Local memory corruption in Qualcomm Snapdragon platforms (CVE-2025-59604) allows a low-privileged local attacker to trig

CVE-2026-24082 HIGH
7.8 May 04

Use-after-free vulnerability in Qualcomm Snapdragon chipsets enables local privilege escalation to achieve full device c

CVE-2025-47408 HIGH
7.8 May 04

Memory corruption in Qualcomm Snapdragon allows local authenticated attackers with low privileges to achieve arbitrary c

Share

CVE-2025-47401 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy