CVE-2025-47378

Summary

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.SnapdragonCologneaffected
Qualcomm, Inc.SnapdragonFastConnect 6700affected
Qualcomm, Inc.SnapdragonFastConnect 6800affected
Qualcomm, Inc.SnapdragonFastConnect 6900affected
Qualcomm, Inc.SnapdragonFastConnect 7800affected
Qualcomm, Inc.SnapdragonLeMans_AU_LGITaffected
Qualcomm, Inc.SnapdragonLeMansAUaffected
Qualcomm, Inc.SnapdragonPandeiroaffected
Qualcomm, Inc.SnapdragonQAM8255Paffected
Qualcomm, Inc.SnapdragonQAMSRV1Haffected
Qualcomm, Inc.SnapdragonQAMSRV1Maffected
Qualcomm, Inc.SnapdragonQCA6391affected
Qualcomm, Inc.SnapdragonQCA6595affected
Qualcomm, Inc.SnapdragonQCA6595AUaffected
Qualcomm, Inc.SnapdragonQCA6696affected
Qualcomm, Inc.SnapdragonQCA6698AQaffected
Qualcomm, Inc.SnapdragonQCA6797AQaffected
Qualcomm, Inc.SnapdragonQLN1083BDaffected
Qualcomm, Inc.SnapdragonQLN1086BDaffected
Qualcomm, Inc.SnapdragonQPA1083BDaffected
Qualcomm, Inc.SnapdragonQPA1086BDaffected
Qualcomm, Inc.SnapdragonQXM1083affected
Qualcomm, Inc.SnapdragonQXM1086affected
Qualcomm, Inc.SnapdragonQXM1093affected
Qualcomm, Inc.SnapdragonQXM1094affected
Qualcomm, Inc.SnapdragonQXM1095affected
Qualcomm, Inc.SnapdragonQXM1096affected
Qualcomm, Inc.SnapdragonSA7255Paffected
Qualcomm, Inc.SnapdragonSA7775Paffected
Qualcomm, Inc.SnapdragonSA8255Paffected
Qualcomm, Inc.SnapdragonSA8620Paffected
Qualcomm, Inc.SnapdragonSA8770Paffected
Qualcomm, Inc.SnapdragonSA9000Paffected
Qualcomm, Inc.SnapdragonSAR1165Paffected
Qualcomm, Inc.SnapdragonSAR1250Paffected
Qualcomm, Inc.SnapdragonSAR2130Paffected
Qualcomm, Inc.SnapdragonSAR2230Paffected
Qualcomm, Inc.SnapdragonSD865 5Gaffected
Qualcomm, Inc.SnapdragonSnapdragon 8 Elite Gen 5affected
Qualcomm, Inc.SnapdragonSnapdragon 865 5G Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 865+ 5G Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 870 5G Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon AR1 Gen 1 Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon AR1+ Gen 1 Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon X55 5G Modem-RF Systemaffected
Qualcomm, Inc.SnapdragonSnapdragon XR2 5G Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon XR2+ Gen 1 Platformaffected
Qualcomm, Inc.SnapdragonSRV1Haffected
Qualcomm, Inc.SnapdragonSRV1Maffected
Qualcomm, Inc.SnapdragonSXR2230Paffected
Qualcomm, Inc.SnapdragonSXR2250Paffected
Qualcomm, Inc.SnapdragonWCD9378Caffected
Qualcomm, Inc.SnapdragonWCD9380affected
Qualcomm, Inc.SnapdragonWCD9385affected
Qualcomm, Inc.SnapdragonWCD9395affected
Qualcomm, Inc.SnapdragonWCN3950affected
Qualcomm, Inc.SnapdragonWCN7860affected
Qualcomm, Inc.SnapdragonWCN7861affected
Qualcomm, Inc.SnapdragonWSA8810affected
Qualcomm, Inc.SnapdragonWSA8815affected
Qualcomm, Inc.SnapdragonWSA8830affected
Qualcomm, Inc.SnapdragonWSA8832affected
Qualcomm, Inc.SnapdragonWSA8835affected
Qualcomm, Inc.SnapdragonWSA8840affected
Qualcomm, Inc.SnapdragonWSA8845affected
Qualcomm, Inc.SnapdragonWSA8845Haffected
Qualcomm, Inc.SnapdragonX2000077affected
Qualcomm, Inc.SnapdragonX2000086affected
Qualcomm, Inc.SnapdragonX2000090affected
Qualcomm, Inc.SnapdragonX2000092affected
Qualcomm, Inc.SnapdragonX2000094affected
Qualcomm, Inc.SnapdragonXG101002affected
Qualcomm, Inc.SnapdragonXG101032affected
Qualcomm, Inc.SnapdragonXG101039affected

Weaknesses

  • CWE-497: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References