SB2025120232 - Multiple vulnerabilities in Qualcomm chipsets (December 2025) 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025120232

SB2025120232 - Multiple vulnerabilities in Qualcomm chipsets (December 2025)

Published: December 2, 2025

Security Bulletin ID SB2025120232
Severity
Low
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.


1) Untrusted Pointer Dereference (CVE-ID: CVE-2025-47325)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation in TZ Firmware. A local application can gain access to sensitive information.


2) Use After Free (CVE-ID: CVE-2025-27063)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Video. A local application can execute arbitrary code.


3) Out-of-bounds write (CVE-ID: CVE-2025-47320)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Audio. A local application can execute arbitrary code.


4) Buffer overflow (CVE-ID: CVE-2025-47321)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Core Services. A local application can execute arbitrary code.


5) Use After Free (CVE-ID: CVE-2025-47322)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Automotive Linux OS. A local application can execute arbitrary code.


6) Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-ID: CVE-2025-47319)

The vulnerability allows a local privileged application to read and manipulate data.

The vulnerability exists due to improper input validation in HLOS. A local privileged application can read and manipulate data.


7) Buffer overflow (CVE-ID: CVE-2025-47372)

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Boot. A local application can read and manipulate data.


8) Integer overflow (CVE-ID: CVE-2025-47323)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Audio. A local application can execute arbitrary code.


9) Use After Free (CVE-ID: CVE-2025-47350)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.


10) Untrusted Pointer Dereference (CVE-ID: CVE-2025-47387)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Camera. A local application can execute arbitrary code.


11) Incorrect Authorization (CVE-ID: CVE-2025-47382)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Boot. A local application can execute arbitrary code.


Remediation

Install update from vendor's website.

References