Ddos 
Qualcomm has released a substantial security update for December 2025, addressing 11 distinct vulnerabilities across its chipset ecosystem. The patch batch is headlined by a critical flaw in the device boot process that could allow attackers to execute arbitrary code, alongside high-severity issues affecting audio, camera, and automotive systems.
Patches have been shared with Original Equipment Manufacturers (OEMs), who are now urged to deploy them to end-user devices immediately.
The most severe vulnerability in this month’s bulletin is CVE-2025-47372, a proprietary software issue rated Critical with a CVSS score of 9.0.
This flaw resides in the “Boot” technology area and is described as a “Buffer Copy Without Checking Size of Input” (Classic Buffer Overflow). The vulnerability allows for “Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.”
Affected chipsets include the Snapdragon 8 Gen 3, Snapdragon X75 5G Modem-RF System, and FastConnect 7800.
Another significant proprietary flaw is CVE-2025-47319 (Rated Critical, CVSS 6.7), affecting the High-Level Operating System (HLOS). This vulnerability involves the “Exposure of Sensitive System Information to an Unauthorized Control Sphere,” specifically caused by “Information disclosure while exposing internal TA-to-TA [Trusted Application] communication APIs to HLOS.”
The bulletin also highlights several high-severity issues affecting multimedia subsystems:
- Audio: CVE-2025-47323 (CVSS 7.8) involves an “Integer Overflow or Wraparound” that causes memory corruption when routing large data packets between user and root spaces.
- Camera: CVE-2025-47387 (CVSS 7.8) is an “Untrusted Pointer Dereference” vulnerability triggered when processing IOCTLs for JPEG data without verification.
- Video: A moderate-rating but high-CVSS (7.8) issue, CVE-2025-27063, involves a “Use After Free” error during video playback timeouts.
Qualcomm also addressed vulnerabilities in open-source components integrated into their products. Notably, CVE-2025-47382 (CVSS 7.8) affects the Boot loader, allowing “Memory corruption while loading an invalid firmware” due to incorrect authorization.
For the automotive sector, CVE-2025-47322 (CVSS 7.8) targets the Automotive Android OS. This “Use After Free” vulnerability occurs while handling IOCTL calls to set modes, posing a risk to connected vehicle systems running on Snapdragon platforms.
The list of affected chipsets is extensive, covering flagship mobile platforms (Snapdragon 8 Gen 1/2/3), mid-range chips (Snapdragon 6/7 series), modems (Snapdragon X65/X75), and connectivity modules (FastConnect 6700/6900/7800).
Qualcomm advises that “patches are being actively shared with OEMs,” and users should “contact the device manufacturer for information on the patching status of released devices.”
Donate