SB2025120230 - Multiple vulnerabilities in Qualcomm chipsets (October 2025)

Description

This security bulletin contains information about 19 secuirty vulnerabilities.

1) Integer overflow (CVE-ID: CVE-2025-47351)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.

2) Use After Free (CVE-ID: CVE-2025-47354)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.

3) Use After Free (CVE-ID: CVE-2025-47342)

The vulnerability allows a remote application to damange or delete data.

The vulnerability exists due to improper input validation in BT Controller. A remote application can damange or delete data.

4) Out-of-bounds write (CVE-ID: CVE-2025-27054)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Display. A local application can execute arbitrary code.

5) Stack-based buffer overflow (CVE-ID: CVE-2025-47347)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Automotive Software platform based on QNX. A local application can execute arbitrary code.

6) Untrusted Pointer Dereference (CVE-ID: CVE-2025-27060)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in TZ Firmware. A local application can execute arbitrary code.

7) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2025-27059)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in TZ Firmware. A local application can execute arbitrary code.

8) Buffer over-read (CVE-ID: CVE-2025-27041)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Video. A local application can perform a denial of service (DoS) attack.

9) Buffer over-read (CVE-ID: CVE-2025-27049)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Camera. A local application can perform a denial of service (DoS) attack.

10) Improper input validation (CVE-ID: CVE-2025-27040)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation in TZ Firmware. A local application can gain access to sensitive information.

11) Untrusted Pointer Dereference (CVE-ID: CVE-2025-27048)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Camera. A local application can execute arbitrary code.

12) Buffer over-read (CVE-ID: CVE-2025-27045)

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Video. A local application can read and manipulate data.

13) Detection of error condition without action (CVE-ID: CVE-2025-27039)

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Computer Vision. A local application can read and manipulate data.

14) Out-of-bounds write (CVE-ID: CVE-2025-47355)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.

15) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2025-47349)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.

16) Buffer overflow (CVE-ID: CVE-2025-47341)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Camera. A local application can execute arbitrary code.

17) Out-of-bounds write (CVE-ID: CVE-2025-47340)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.

18) Untrusted Pointer Dereference (CVE-ID: CVE-2025-47338)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.

19) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2025-27053)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in HLOS. A local application can execute arbitrary code.

Remediation

Install update from vendor's website.

References

• https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html