Description
Memory corruption while preprocessing IOCTL request in JPEG driver.
Published: 2026-04-06
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory corruption that may lead to information disclosure or system instability
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a buffer over‑read that occurs while the JPEG driver processes an IOCTL request. This results in memory corruption, which might expose unintended memory contents or trigger a crash. The weakness corresponds to CWE‑126 and could allow an attacker to read sensitive data or cause denial of service.

Affected Systems

Qualcomm Snapdragon devices are impacted, including Snapdragon 7c+ Gen 3 compute, Snapdragon 8cx Gen 3 compute, FastConnect 6700/6900/7800, Cologne, and related firmware modules. The vulnerability also affects various Wi‑Fi and Bluetooth firmware such as WCD9370, WCD9375, WCD9378c, WCD9380, WCD9385, WSA8830/8835/8840/8845/8845h, and many XG or X200 series chips. All these components contain the camera JPEG driver that processes IOCTL traffic.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, but the EPSS score of less than 1% suggests a low likelihood of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog, meaning no known widespread exploits are documented. Likely attack scenarios involve a local privileged process that can send malicious IOCTL commands to the JPEG driver, potentially permitting information disclosure or service disruption. Because the vector is local, mitigation by patching and limiting driver access is effective.

Generated by OpenCVE AI on April 8, 2026 at 23:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Qualcomm firmware update that addresses the buffer over‑read vulnerability in the camera JPEG driver.
  • If a specific driver patch is available, install it or rebuild the driver with the fixed code.
  • Until a patch is available, restrict write access to the camera device or disable unused camera services to reduce the attack surface.
  • Verify the integrity of the firmware after installation and monitor system logs for abnormal activity.
  • Stay informed by reviewing Qualcomm security bulletins for any subsequent updates.

Generated by OpenCVE AI on April 8, 2026 at 23:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm cologne
Qualcomm cologne Firmware
Qualcomm fastconnect 6700
Qualcomm fastconnect 6700 Firmware
Qualcomm fastconnect 6900
Qualcomm fastconnect 6900 Firmware
Qualcomm fastconnect 7800
Qualcomm fastconnect 7800 Firmware
Qualcomm qca0000
Qualcomm qca0000 Firmware
Qualcomm qcm5430
Qualcomm qcm5430 Firmware
Qualcomm qcm6490
Qualcomm qcm6490 Firmware
Qualcomm sc8380xp
Qualcomm sc8380xp Firmware
Qualcomm snapdragon 7c\+ Gen 3 Compute
Qualcomm snapdragon 7c\+ Gen 3 Compute Firmware
Qualcomm snapdragon 8cx Gen 3 Compute Platform
Qualcomm snapdragon 8cx Gen 3 Compute Platform Firmware
Qualcomm video Collaboration Vc3 Platform
Qualcomm video Collaboration Vc3 Platform Firmware
Qualcomm wcd9370
Qualcomm wcd9370 Firmware
Qualcomm wcd9375
Qualcomm wcd9375 Firmware
Qualcomm wcd9378c
Qualcomm wcd9378c Firmware
Qualcomm wcd9380
Qualcomm wcd9380 Firmware
Qualcomm wcd9385
Qualcomm wcd9385 Firmware
Qualcomm wsa8830
Qualcomm wsa8830 Firmware
Qualcomm wsa8835
Qualcomm wsa8835 Firmware
Qualcomm wsa8840
Qualcomm wsa8840 Firmware
Qualcomm wsa8845
Qualcomm wsa8845 Firmware
Qualcomm wsa8845h
Qualcomm wsa8845h Firmware
Qualcomm x2000077
Qualcomm x2000077 Firmware
Qualcomm x2000086
Qualcomm x2000086 Firmware
Qualcomm x2000090
Qualcomm x2000090 Firmware
Qualcomm x2000092
Qualcomm x2000092 Firmware
Qualcomm x2000094
Qualcomm x2000094 Firmware
Qualcomm xg101002
Qualcomm xg101002 Firmware
Qualcomm xg101032
Qualcomm xg101032 Firmware
Qualcomm xg101039
Qualcomm xg101039 Firmware
CPEs cpe:2.3:h:qualcomm:cologne:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca0000:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcm5430:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcm6490:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_7c\+_gen_3_compute:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_8cx_gen_3_compute_platform:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:video_collaboration_vc3_platform:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9378c:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:x2000077:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:x2000086:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:x2000090:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:x2000092:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:x2000094:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:xg101002:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:xg101032:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:xg101039:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:cologne_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca0000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:snapdragon_7c\+_gen_3_compute_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:snapdragon_8cx_gen_3_compute_platform_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9378c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:x2000077_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:x2000086_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:x2000090_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:x2000092_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:x2000094_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:xg101002_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:xg101032_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:xg101039_firmware:-:*:*:*:*:*:*:*
Vendors & Products Qualcomm cologne
Qualcomm cologne Firmware
Qualcomm fastconnect 6700
Qualcomm fastconnect 6700 Firmware
Qualcomm fastconnect 6900
Qualcomm fastconnect 6900 Firmware
Qualcomm fastconnect 7800
Qualcomm fastconnect 7800 Firmware
Qualcomm qca0000
Qualcomm qca0000 Firmware
Qualcomm qcm5430
Qualcomm qcm5430 Firmware
Qualcomm qcm6490
Qualcomm qcm6490 Firmware
Qualcomm sc8380xp
Qualcomm sc8380xp Firmware
Qualcomm snapdragon 7c\+ Gen 3 Compute
Qualcomm snapdragon 7c\+ Gen 3 Compute Firmware
Qualcomm snapdragon 8cx Gen 3 Compute Platform
Qualcomm snapdragon 8cx Gen 3 Compute Platform Firmware
Qualcomm video Collaboration Vc3 Platform
Qualcomm video Collaboration Vc3 Platform Firmware
Qualcomm wcd9370
Qualcomm wcd9370 Firmware
Qualcomm wcd9375
Qualcomm wcd9375 Firmware
Qualcomm wcd9378c
Qualcomm wcd9378c Firmware
Qualcomm wcd9380
Qualcomm wcd9380 Firmware
Qualcomm wcd9385
Qualcomm wcd9385 Firmware
Qualcomm wsa8830
Qualcomm wsa8830 Firmware
Qualcomm wsa8835
Qualcomm wsa8835 Firmware
Qualcomm wsa8840
Qualcomm wsa8840 Firmware
Qualcomm wsa8845
Qualcomm wsa8845 Firmware
Qualcomm wsa8845h
Qualcomm wsa8845h Firmware
Qualcomm x2000077
Qualcomm x2000077 Firmware
Qualcomm x2000086
Qualcomm x2000086 Firmware
Qualcomm x2000090
Qualcomm x2000090 Firmware
Qualcomm x2000092
Qualcomm x2000092 Firmware
Qualcomm x2000094
Qualcomm x2000094 Firmware
Qualcomm xg101002
Qualcomm xg101002 Firmware
Qualcomm xg101032
Qualcomm xg101032 Firmware
Qualcomm xg101039
Qualcomm xg101039 Firmware

Tue, 07 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 06 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 06 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Description Memory corruption while preprocessing IOCTL request in JPEG driver.
Title Buffer Over-read in Camera
Weaknesses CWE-126
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Qualcomm Cologne Cologne Firmware Fastconnect 6700 Fastconnect 6700 Firmware Fastconnect 6900 Fastconnect 6900 Firmware Fastconnect 7800 Fastconnect 7800 Firmware Qca0000 Qca0000 Firmware Qcm5430 Qcm5430 Firmware Qcm6490 Qcm6490 Firmware Sc8380xp Sc8380xp Firmware Snapdragon Snapdragon 7c\+ Gen 3 Compute Snapdragon 7c\+ Gen 3 Compute Firmware Snapdragon 8cx Gen 3 Compute Platform Snapdragon 8cx Gen 3 Compute Platform Firmware Video Collaboration Vc3 Platform Video Collaboration Vc3 Platform Firmware Wcd9370 Wcd9370 Firmware Wcd9375 Wcd9375 Firmware Wcd9378c Wcd9378c Firmware Wcd9380 Wcd9380 Firmware Wcd9385 Wcd9385 Firmware Wsa8830 Wsa8830 Firmware Wsa8835 Wsa8835 Firmware Wsa8840 Wsa8840 Firmware Wsa8845 Wsa8845 Firmware Wsa8845h Wsa8845h Firmware X2000077 X2000077 Firmware X2000086 X2000086 Firmware X2000090 X2000090 Firmware X2000092 X2000092 Firmware X2000094 X2000094 Firmware Xg101002 Xg101002 Firmware Xg101032 Xg101032 Firmware Xg101039 Xg101039 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-04-07T03:55:58.985Z

Reserved: 2025-05-06T08:33:16.274Z

Link: CVE-2025-47390

cve-icon Vulnrichment

Updated: 2026-04-06T16:22:20.412Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-06T16:16:27.777

Modified: 2026-04-08T21:10:11.547

Link: CVE-2025-47390

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:29:00Z

Weaknesses