Description
Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.
Published: 2026-05-04
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory corruption error occurs when a previously allocated buffer is resized while its contents are being modified. This can cause unreliable behavior, potential crashes, or undefined behavior that might be leveraged in a broader compromise.

Affected Systems

Qualcomm Snapdragon automotive audio platforms are impacted; specific affected versions are not listed.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. No EPSS data is available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves manipulating audio data or driver input to trigger dynamic resizing during active modification, which requires access to the affected system. The absence of exploit probability data makes exploitation potential unclear but the nature of the flaw suggests that with sufficient privileges a local attacker could aim to corrupt memory.

Generated by OpenCVE AI on May 4, 2026 at 18:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any Qualcomm firmware or driver update that includes bounds checking for audio buffer resizing operations.
  • If available, disable or limit functionality that performs dynamic buffer resizing while audio data is being processed.
  • Review system logs for anomalous audio processing activity and confirm that no unexpected crashes or memory corruption events occur.

Generated by OpenCVE AI on May 4, 2026 at 18:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 17:15:00 +0000

Type Values Removed Values Added
Description Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.
Title Buffer Copy Without Checking Size of Input in Automotive Audio
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-05-04T17:18:50.464Z

Reserved: 2025-05-06T08:33:16.277Z

Link: CVE-2025-47404

cve-icon Vulnrichment

Updated: 2026-05-04T17:18:45.560Z

cve-icon NVD

Status : Received

Published: 2026-05-04T17:16:20.623

Modified: 2026-05-04T17:16:20.623

Link: CVE-2025-47404

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T19:00:07Z

Weaknesses