#VU126202 Use After Free in Qualcomm products - CVE-2025-47374
Published: April 15, 2026
Vulnerability identifier: #VU126202
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-47374
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
FastConnect 6900
FastConnect 7800
Pandeiro
QLN1083BD
QLN1086BD
QPA1083BD
QPA1086BD
QXM1083
QXM1086
QXM1093
QXM1094
QXM1095
QXM1096
SAR1165P
SAR2130P
Snapdragon AR1 Gen 1 Platform
Snapdragon AR1+ Gen 1 Platform
SXR2230P
SXR2250P
SXR2330P
SXR2350P
WCD9380
WCD9385
WCN7860
WCN7861
WSA8830
WSA8835
XRV7209
XRV9209
WSA8832
FastConnect 6900
FastConnect 7800
Pandeiro
QLN1083BD
QLN1086BD
QPA1083BD
QPA1086BD
QXM1083
QXM1086
QXM1093
QXM1094
QXM1095
QXM1096
SAR1165P
SAR2130P
Snapdragon AR1 Gen 1 Platform
Snapdragon AR1+ Gen 1 Platform
SXR2230P
SXR2250P
SXR2330P
SXR2350P
WCD9380
WCD9385
WCN7860
WCN7861
WSA8830
WSA8835
XRV7209
XRV9209
WSA8832
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Camera Driver. A local application can execute arbitrary code.
Remediation
Install security update from vendor's website.