csaf_certbund - wid-sec-w-2025-2472

wid-sec-w-2025-2472

Vulnerability from csaf_certbund

Published

2025-11-03 23:00

Modified

2025-11-17 23:00

Summary

Samsung Android: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Samsung Android ausnutzen, um möglicherweise beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren oder vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme

- Android

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das Android Betriebssystem ist eine quelloffene Plattform f\u00fcr mobile Ger\u00e4te. Die Basis bildet der Linux-Kernel.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Samsung Android ausnutzen, um m\u00f6glicherweise beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren oder vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Android",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2472 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2472.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2472 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2472"
      },
      {
        "category": "external",
        "summary": "Samsung Security Updates November 2025 (SMR-NOV-2025) vom 2025-11-03",
        "url": "https://security.samsungmobile.com/securityUpdate.smsb"
      }
    ],
    "source_lang": "en-US",
    "title": "Samsung Android: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-17T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-18T08:07:12.013+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2472",
      "initial_release_date": "2025-11-03T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-11-03T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-11-17T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-197910"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "13 \u003cSMR-NOV-2025",
                "product": {
                  "name": "Samsung Android 13 \u003cSMR-NOV-2025",
                  "product_id": "T048273"
                }
              },
              {
                "category": "product_version",
                "name": "13 SMR-NOV-2025",
                "product": {
                  "name": "Samsung Android 13 SMR-NOV-2025",
                  "product_id": "T048273-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:samsung:android:13__smr-nov-2025"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "14 \u003cSMR-NOV-2025",
                "product": {
                  "name": "Samsung Android 14 \u003cSMR-NOV-2025",
                  "product_id": "T048274"
                }
              },
              {
                "category": "product_version",
                "name": "14 SMR-NOV-2025",
                "product": {
                  "name": "Samsung Android 14 SMR-NOV-2025",
                  "product_id": "T048274-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:samsung:android:14__smr-nov-2025"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "15 \u003cSMR-NOV-2025",
                "product": {
                  "name": "Samsung Android 15 \u003cSMR-NOV-2025",
                  "product_id": "T048275"
                }
              },
              {
                "category": "product_version",
                "name": "15 SMR-NOV-2025",
                "product": {
                  "name": "Samsung Android 15 SMR-NOV-2025",
                  "product_id": "T048275-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:samsung:android:15__smr-nov-2025"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "16 \u003cSMR-NOV-2025",
                "product": {
                  "name": "Samsung Android 16 \u003cSMR-NOV-2025",
                  "product_id": "T048276"
                }
              },
              {
                "category": "product_version",
                "name": "16 SMR-NOV-2025",
                "product": {
                  "name": "Samsung Android 16 SMR-NOV-2025",
                  "product_id": "T048276-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:samsung:android:16__smr-nov-2025"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Android"
          }
        ],
        "category": "vendor",
        "name": "Samsung"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-40130",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2023-40130"
    },
    {
      "cve": "CVE-2025-20730",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-20730"
    },
    {
      "cve": "CVE-2025-22432",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-22432"
    },
    {
      "cve": "CVE-2025-27074",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-27074"
    },
    {
      "cve": "CVE-2025-47370",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-47370"
    },
    {
      "cve": "CVE-2025-48525",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48525"
    },
    {
      "cve": "CVE-2025-48575",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48575"
    },
    {
      "cve": "CVE-2025-48581",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48581"
    },
    {
      "cve": "CVE-2025-48583",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48583"
    },
    {
      "cve": "CVE-2025-48588",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48588"
    },
    {
      "cve": "CVE-2025-48589",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48589"
    },
    {
      "cve": "CVE-2025-48590",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48590"
    },
    {
      "cve": "CVE-2025-48592",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48592"
    },
    {
      "cve": "CVE-2025-48593",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48593"
    },
    {
      "cve": "CVE-2025-48594",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48594"
    },
    {
      "cve": "CVE-2025-48595",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48595"
    },
    {
      "cve": "CVE-2025-48596",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48596"
    },
    {
      "cve": "CVE-2025-48597",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48597"
    },
    {
      "cve": "CVE-2025-48598",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48598"
    },
    {
      "cve": "CVE-2025-48599",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48599"
    },
    {
      "cve": "CVE-2025-48600",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48600"
    },
    {
      "cve": "CVE-2025-48603",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48603"
    },
    {
      "cve": "CVE-2025-48604",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48604"
    },
    {
      "cve": "CVE-2025-48612",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-48612"
    },
    {
      "cve": "CVE-2025-54957",
      "product_status": {
        "known_affected": [
          "T048274",
          "T048273",
          "T048276",
          "T048275"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-54957"
    }
  ]
}

CVE-2025-48581 (GCVE-0-2025-48581)

Vulnerability from cvelistv5

Published

2025-09-04 18:34

Modified

2025-11-18 04:51

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Elevation of privilege

Summary

In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

URL

Tags

	https://android.googlesource.com/platform/build/+/cda08bfbf55aed1e4c79efe6a66bb930d19a8a13
	https://android.googlesource.com/platform/system/apex/+/5a33fa4202cb5f06d7f02f3a2b8d13780d7cb3f5
	https://android.googlesource.com/platform/system/apex/+/13bbfe3ef2953e9805d57d3219cc122e485ba90f
	https://source.android.com/security/bulletin/2025-11-01

Impacted products

	Vendor	Product	Version
	Google	Android	Version: 16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 8.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48581",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-05T03:55:51.910844Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-04T14:20:25.197Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Android",
          "vendor": "Google",
          "versions": [
            {
              "status": "affected",
              "version": "16"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of privilege",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T04:51:56.603Z",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "url": "https://android.googlesource.com/platform/build/+/cda08bfbf55aed1e4c79efe6a66bb930d19a8a13"
        },
        {
          "url": "https://android.googlesource.com/platform/system/apex/+/5a33fa4202cb5f06d7f02f3a2b8d13780d7cb3f5"
        },
        {
          "url": "https://android.googlesource.com/platform/system/apex/+/13bbfe3ef2953e9805d57d3219cc122e485ba90f"
        },
        {
          "url": "https://source.android.com/security/bulletin/2025-11-01"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.7.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2025-48581",
    "datePublished": "2025-09-04T18:34:41.808Z",
    "dateReserved": "2025-05-22T18:11:49.136Z",
    "dateUpdated": "2025-11-18T04:51:56.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-54957 (GCVE-0-2025-54957)

Vulnerability from cvelistv5

Published

2025-10-20 00:00

Modified

2025-10-20 18:05

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

Summary

An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can overflow due to an integer wraparound. This can lead to the allocated buffer being too small, and the out-of-bounds check of the subsequent write to be ineffective, leading to an out-of-bounds write.

References

URL

Tags

https://professional.dolby.com/siteassets/pdfs/dolby-security-advisory-CVE-2025-54957-Oct-14-25.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-54957",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-20T18:05:00.569570Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-20T18:05:36.486Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can overflow due to an integer wraparound. This can lead to the allocated buffer being too small, and the out-of-bounds check of the subsequent write to be ineffective, leading to an out-of-bounds write."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-20T14:56:45.026Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://professional.dolby.com/siteassets/pdfs/dolby-security-advisory-CVE-2025-54957-Oct-14-25.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-54957",
    "datePublished": "2025-10-20T00:00:00.000Z",
    "dateReserved": "2025-08-03T00:00:00.000Z",
    "dateUpdated": "2025-10-20T18:05:36.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27074 (GCVE-0-2025-27074)

Vulnerability from cvelistv5

Published

2025-11-04 03:19

Modified

2025-11-04 14:46

Severity ?

8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-131 - Incorrect Calculation of Buffer Size

Summary

Memory corruption while processing a GP command response.

References

URL

Tags

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html

Impacted products

	Vendor	Product	Version
	Qualcomm, Inc.	Snapdragon	Version: APQ8064AU Version: CSR8811 Version: Immersive Home 214 Platform Version: Immersive Home 216 Platform Version: Immersive Home 316 Platform Version: Immersive Home 318 Platform Version: IPQ5010 Version: IPQ5028 Version: IPQ8070 Version: IPQ8070A Version: IPQ8071 Version: IPQ8071A Version: IPQ8072 Version: IPQ8072A Version: IPQ8074 Version: IPQ8074A Version: IPQ8076 Version: IPQ8076A Version: IPQ8078 Version: IPQ8078A Version: IPQ8173 Version: IPQ8174 Version: IPQ9008 Version: IPQ9574 Version: MDM9640 Version: MDM9650 Version: MSM8996AU Version: PMP8074 Version: QCA4024 Version: QCA6174A Version: QCA6234 Version: QCA6310 Version: QCA6320 Version: QCA6428 Version: QCA6438 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6694 Version: QCA8072 Version: QCA8075 Version: QCA8081 Version: QCA9888 Version: QCA9889 Version: QCA9984 Version: QCN5022 Version: QCN5024 Version: QCN5052 Version: QCN5054 Version: QCN5064 Version: QCN5122 Version: QCN5124 Version: QCN5152 Version: QCN5154 Version: QCN5164 Version: QCN5550 Version: QCN6023 Version: QCN6024 Version: QCN6100 Version: QCN6102 Version: QCN6112 Version: QCN6122 Version: QCN6132 Version: QCN9000 Version: QCN9001 Version: QCN9002 Version: QCN9003 Version: QCN9012 Version: QCN9022 Version: QCN9024 Version: QCN9070 Version: QCN9072 Version: QCN9074 Version: QCN9100 Version: QCN9274 Version: SD820 Version: SD821 Version: SDM429W Version: SDX55 Version: Snapdragon 429 Mobile Platform Version: Snapdragon 820 Automotive Platform Version: Snapdragon 820 Mobile Platform Version: Snapdragon 821 Mobile Platform Version: Snapdragon Wear 4100+ Platform Version: WCD9335 Version: WCN3610 Version: WCN3620 Version: WCN3660B Version: WCN3680B Version: WCN3980 Version: WSA8810 Version: WSA8815

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27074",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-04T04:55:18.844570Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-04T14:46:19.115Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto",
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT",
            "Snapdragon Mobile",
            "Snapdragon Wearables",
            "Snapdragon Wired Infrastructure and Networking"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "APQ8064AU"
            },
            {
              "status": "affected",
              "version": "CSR8811"
            },
            {
              "status": "affected",
              "version": "Immersive Home 214 Platform"
            },
            {
              "status": "affected",
              "version": "Immersive Home 216 Platform"
            },
            {
              "status": "affected",
              "version": "Immersive Home 316 Platform"
            },
            {
              "status": "affected",
              "version": "Immersive Home 318 Platform"
            },
            {
              "status": "affected",
              "version": "IPQ5010"
            },
            {
              "status": "affected",
              "version": "IPQ5028"
            },
            {
              "status": "affected",
              "version": "IPQ8070"
            },
            {
              "status": "affected",
              "version": "IPQ8070A"
            },
            {
              "status": "affected",
              "version": "IPQ8071"
            },
            {
              "status": "affected",
              "version": "IPQ8071A"
            },
            {
              "status": "affected",
              "version": "IPQ8072"
            },
            {
              "status": "affected",
              "version": "IPQ8072A"
            },
            {
              "status": "affected",
              "version": "IPQ8074"
            },
            {
              "status": "affected",
              "version": "IPQ8074A"
            },
            {
              "status": "affected",
              "version": "IPQ8076"
            },
            {
              "status": "affected",
              "version": "IPQ8076A"
            },
            {
              "status": "affected",
              "version": "IPQ8078"
            },
            {
              "status": "affected",
              "version": "IPQ8078A"
            },
            {
              "status": "affected",
              "version": "IPQ8173"
            },
            {
              "status": "affected",
              "version": "IPQ8174"
            },
            {
              "status": "affected",
              "version": "IPQ9008"
            },
            {
              "status": "affected",
              "version": "IPQ9574"
            },
            {
              "status": "affected",
              "version": "MDM9640"
            },
            {
              "status": "affected",
              "version": "MDM9650"
            },
            {
              "status": "affected",
              "version": "MSM8996AU"
            },
            {
              "status": "affected",
              "version": "PMP8074"
            },
            {
              "status": "affected",
              "version": "QCA4024"
            },
            {
              "status": "affected",
              "version": "QCA6174A"
            },
            {
              "status": "affected",
              "version": "QCA6234"
            },
            {
              "status": "affected",
              "version": "QCA6310"
            },
            {
              "status": "affected",
              "version": "QCA6320"
            },
            {
              "status": "affected",
              "version": "QCA6428"
            },
            {
              "status": "affected",
              "version": "QCA6438"
            },
            {
              "status": "affected",
              "version": "QCA6564A"
            },
            {
              "status": "affected",
              "version": "QCA6564AU"
            },
            {
              "status": "affected",
              "version": "QCA6574"
            },
            {
              "status": "affected",
              "version": "QCA6574A"
            },
            {
              "status": "affected",
              "version": "QCA6574AU"
            },
            {
              "status": "affected",
              "version": "QCA6584AU"
            },
            {
              "status": "affected",
              "version": "QCA6694"
            },
            {
              "status": "affected",
              "version": "QCA8072"
            },
            {
              "status": "affected",
              "version": "QCA8075"
            },
            {
              "status": "affected",
              "version": "QCA8081"
            },
            {
              "status": "affected",
              "version": "QCA9888"
            },
            {
              "status": "affected",
              "version": "QCA9889"
            },
            {
              "status": "affected",
              "version": "QCA9984"
            },
            {
              "status": "affected",
              "version": "QCN5022"
            },
            {
              "status": "affected",
              "version": "QCN5024"
            },
            {
              "status": "affected",
              "version": "QCN5052"
            },
            {
              "status": "affected",
              "version": "QCN5054"
            },
            {
              "status": "affected",
              "version": "QCN5064"
            },
            {
              "status": "affected",
              "version": "QCN5122"
            },
            {
              "status": "affected",
              "version": "QCN5124"
            },
            {
              "status": "affected",
              "version": "QCN5152"
            },
            {
              "status": "affected",
              "version": "QCN5154"
            },
            {
              "status": "affected",
              "version": "QCN5164"
            },
            {
              "status": "affected",
              "version": "QCN5550"
            },
            {
              "status": "affected",
              "version": "QCN6023"
            },
            {
              "status": "affected",
              "version": "QCN6024"
            },
            {
              "status": "affected",
              "version": "QCN6100"
            },
            {
              "status": "affected",
              "version": "QCN6102"
            },
            {
              "status": "affected",
              "version": "QCN6112"
            },
            {
              "status": "affected",
              "version": "QCN6122"
            },
            {
              "status": "affected",
              "version": "QCN6132"
            },
            {
              "status": "affected",
              "version": "QCN9000"
            },
            {
              "status": "affected",
              "version": "QCN9001"
            },
            {
              "status": "affected",
              "version": "QCN9002"
            },
            {
              "status": "affected",
              "version": "QCN9003"
            },
            {
              "status": "affected",
              "version": "QCN9012"
            },
            {
              "status": "affected",
              "version": "QCN9022"
            },
            {
              "status": "affected",
              "version": "QCN9024"
            },
            {
              "status": "affected",
              "version": "QCN9070"
            },
            {
              "status": "affected",
              "version": "QCN9072"
            },
            {
              "status": "affected",
              "version": "QCN9074"
            },
            {
              "status": "affected",
              "version": "QCN9100"
            },
            {
              "status": "affected",
              "version": "QCN9274"
            },
            {
              "status": "affected",
              "version": "SD820"
            },
            {
              "status": "affected",
              "version": "SD821"
            },
            {
              "status": "affected",
              "version": "SDM429W"
            },
            {
              "status": "affected",
              "version": "SDX55"
            },
            {
              "status": "affected",
              "version": "Snapdragon 429 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 820 Automotive Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 820 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 821 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 4100+ Platform"
            },
            {
              "status": "affected",
              "version": "WCD9335"
            },
            {
              "status": "affected",
              "version": "WCN3610"
            },
            {
              "status": "affected",
              "version": "WCN3620"
            },
            {
              "status": "affected",
              "version": "WCN3660B"
            },
            {
              "status": "affected",
              "version": "WCN3680B"
            },
            {
              "status": "affected",
              "version": "WCN3980"
            },
            {
              "status": "affected",
              "version": "WSA8810"
            },
            {
              "status": "affected",
              "version": "WSA8815"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption while processing a GP command response."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131 Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-04T03:19:13.447Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html"
        }
      ],
      "title": "Incorrect Calculation of Buffer Size in SCE-Mink"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2025-27074",
    "datePublished": "2025-11-04T03:19:13.447Z",
    "dateReserved": "2025-02-18T09:19:46.888Z",
    "dateUpdated": "2025-11-04T14:46:19.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20730 (GCVE-0-2025-20730)

Vulnerability from cvelistv5

Published

2025-11-04 06:19

Modified

2025-11-05 04:55

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication - Generic

Summary

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10068463; Issue ID: MSV-4141.

References

URL

Tags

https://corp.mediatek.com/product-security-bulletin/November-2025

Impacted products

	Vendor	Product	Version
	MediaTek, Inc.	MT2737, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6990, MT6991, MT8188, MT8195, MT8676, MT8678, MT8696	Version: Android 13.0, 14.0, 15.0, 16.0 / openWRT 21.02, 23.05 / Yocto 4.0 / RDK-B 24Q1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.7,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-20730",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-04T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-05T04:55:40.432Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MT2737, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6990, MT6991, MT8188, MT8195, MT8676, MT8678, MT8696",
          "vendor": "MediaTek, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Android 13.0, 14.0, 15.0, 16.0 / openWRT 21.02, 23.05 / Yocto 4.0 / RDK-B 24Q1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10068463; Issue ID: MSV-4141."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication - Generic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-04T06:19:47.152Z",
        "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "shortName": "MediaTek"
      },
      "references": [
        {
          "url": "https://corp.mediatek.com/product-security-bulletin/November-2025"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
    "assignerShortName": "MediaTek",
    "cveId": "CVE-2025-20730",
    "datePublished": "2025-11-04T06:19:47.152Z",
    "dateReserved": "2024-11-01T01:21:50.393Z",
    "dateUpdated": "2025-11-05T04:55:40.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-47370 (GCVE-0-2025-47370)

Vulnerability from cvelistv5

Published

2025-11-04 03:19

Modified

2025-11-04 19:00

Severity ?

6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-617 - Reachable Assertion

Summary

Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.

References

URL

Tags

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html

Impacted products

	Vendor	Product	Version
	Qualcomm, Inc.	Snapdragon	Version: AR8035 Version: CSRB31024 Version: FastConnect 6700 Version: FastConnect 6900 Version: FastConnect 7800 Version: QAM8255P Version: QAM8295P Version: QAM8650P Version: QAM8775P Version: QAMSRV1H Version: QAMSRV1M Version: QCA6391 Version: QCA6554A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6678AQ Version: QCA6688AQ Version: QCA6696 Version: QCA6698AQ Version: QCA6777AQ Version: QCA6787AQ Version: QCA6797AQ Version: QCA8081 Version: QCA8337 Version: QCA8695AU Version: QCC2073 Version: QCC2076 Version: QCC5161 Version: QCC710 Version: QCC7225 Version: QCC7226 Version: QCC7228 Version: QCM4490 Version: QCM5430 Version: QCM6490 Version: QCN6224 Version: QCN6274 Version: QCN7605 Version: QCN7606 Version: QCN9011 Version: QCN9012 Version: QCS4490 Version: QCS5430 Version: QCS615 Version: QCS6490 Version: QCS8550 Version: QCS9100 Version: QFW7114 Version: QFW7124 Version: QMP1000 Version: Qualcomm Video Collaboration VC3 Platform Version: S3 Gen 2 Sound Platform Version: S3 Sound Platform Version: S5 Gen 2 Sound Platform Version: S5 Sound Platform Version: SA4150P Version: SA4155P Version: SA6145P Version: SA6150P Version: SA6155 Version: SA6155P Version: SA7255P Version: SA7775P Version: SA8145P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8195P Version: SA8255P Version: SA8295P Version: SA8620P Version: SA8650P Version: SA8770P Version: SA8775P Version: SA9000P Version: SC8380XP Version: SDX55 Version: SM7325P Version: SM7675 Version: SM7675P Version: SM8550P Version: SM8635 Version: SM8635P Version: SM8650Q Version: SM8735 Version: SM8750 Version: SM8750P Version: Snapdragon 778G 5G Mobile Platform Version: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Version: Snapdragon 782G Mobile Platform (SM7325-AF) Version: Snapdragon 7c+ Gen 3 Compute Version: Snapdragon 8 Gen 2 Mobile Platform Version: Snapdragon 8 Gen 3 Mobile Platform Version: Snapdragon 8+ Gen 2 Mobile Platform Version: Snapdragon AR1 Gen 1 Platform Version: Snapdragon AR1 Gen 1 Platform "Luna1" Version: Snapdragon AR2 Gen 1 Platform Version: Snapdragon Auto 5G Modem-RF Version: Snapdragon Auto 5G Modem-RF Gen 2 Version: Snapdragon X72 5G Modem-RF System Version: Snapdragon X75 5G Modem-RF System Version: SnapdragonAuto 4GModem Version: SRV1H Version: SRV1M Version: SSG2115P Version: SSG2125P Version: SXR1230P Version: SXR2230P Version: SXR2250P Version: SXR2330P Version: SXR2350P Version: WCD9340 Version: WCD9360 Version: WCD9370 Version: WCD9375 Version: WCD9378 Version: WCD9380 Version: WCD9385 Version: WCD9390 Version: WCD9395 Version: WCN3950 Version: WCN6755 Version: WCN7750 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 Version: WSA8840 Version: WSA8845 Version: WSA8845H

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-47370",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-04T19:00:41.329311Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-04T19:00:52.629Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto",
            "Snapdragon Compute",
            "Snapdragon Connectivity",
            "Snapdragon Consumer Electronics Connectivity",
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT",
            "Snapdragon Mobile",
            "Snapdragon Voice \u0026 Music",
            "Snapdragon WBC"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "AR8035"
            },
            {
              "status": "affected",
              "version": "CSRB31024"
            },
            {
              "status": "affected",
              "version": "FastConnect 6700"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "QAM8255P"
            },
            {
              "status": "affected",
              "version": "QAM8295P"
            },
            {
              "status": "affected",
              "version": "QAM8650P"
            },
            {
              "status": "affected",
              "version": "QAM8775P"
            },
            {
              "status": "affected",
              "version": "QAMSRV1H"
            },
            {
              "status": "affected",
              "version": "QAMSRV1M"
            },
            {
              "status": "affected",
              "version": "QCA6391"
            },
            {
              "status": "affected",
              "version": "QCA6554A"
            },
            {
              "status": "affected",
              "version": "QCA6564AU"
            },
            {
              "status": "affected",
              "version": "QCA6574"
            },
            {
              "status": "affected",
              "version": "QCA6574A"
            },
            {
              "status": "affected",
              "version": "QCA6574AU"
            },
            {
              "status": "affected",
              "version": "QCA6584AU"
            },
            {
              "status": "affected",
              "version": "QCA6595"
            },
            {
              "status": "affected",
              "version": "QCA6595AU"
            },
            {
              "status": "affected",
              "version": "QCA6678AQ"
            },
            {
              "status": "affected",
              "version": "QCA6688AQ"
            },
            {
              "status": "affected",
              "version": "QCA6696"
            },
            {
              "status": "affected",
              "version": "QCA6698AQ"
            },
            {
              "status": "affected",
              "version": "QCA6777AQ"
            },
            {
              "status": "affected",
              "version": "QCA6787AQ"
            },
            {
              "status": "affected",
              "version": "QCA6797AQ"
            },
            {
              "status": "affected",
              "version": "QCA8081"
            },
            {
              "status": "affected",
              "version": "QCA8337"
            },
            {
              "status": "affected",
              "version": "QCA8695AU"
            },
            {
              "status": "affected",
              "version": "QCC2073"
            },
            {
              "status": "affected",
              "version": "QCC2076"
            },
            {
              "status": "affected",
              "version": "QCC5161"
            },
            {
              "status": "affected",
              "version": "QCC710"
            },
            {
              "status": "affected",
              "version": "QCC7225"
            },
            {
              "status": "affected",
              "version": "QCC7226"
            },
            {
              "status": "affected",
              "version": "QCC7228"
            },
            {
              "status": "affected",
              "version": "QCM4490"
            },
            {
              "status": "affected",
              "version": "QCM5430"
            },
            {
              "status": "affected",
              "version": "QCM6490"
            },
            {
              "status": "affected",
              "version": "QCN6224"
            },
            {
              "status": "affected",
              "version": "QCN6274"
            },
            {
              "status": "affected",
              "version": "QCN7605"
            },
            {
              "status": "affected",
              "version": "QCN7606"
            },
            {
              "status": "affected",
              "version": "QCN9011"
            },
            {
              "status": "affected",
              "version": "QCN9012"
            },
            {
              "status": "affected",
              "version": "QCS4490"
            },
            {
              "status": "affected",
              "version": "QCS5430"
            },
            {
              "status": "affected",
              "version": "QCS615"
            },
            {
              "status": "affected",
              "version": "QCS6490"
            },
            {
              "status": "affected",
              "version": "QCS8550"
            },
            {
              "status": "affected",
              "version": "QCS9100"
            },
            {
              "status": "affected",
              "version": "QFW7114"
            },
            {
              "status": "affected",
              "version": "QFW7124"
            },
            {
              "status": "affected",
              "version": "QMP1000"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC3 Platform"
            },
            {
              "status": "affected",
              "version": "S3 Gen 2 Sound Platform"
            },
            {
              "status": "affected",
              "version": "S3 Sound Platform"
            },
            {
              "status": "affected",
              "version": "S5 Gen 2 Sound Platform"
            },
            {
              "status": "affected",
              "version": "S5 Sound Platform"
            },
            {
              "status": "affected",
              "version": "SA4150P"
            },
            {
              "status": "affected",
              "version": "SA4155P"
            },
            {
              "status": "affected",
              "version": "SA6145P"
            },
            {
              "status": "affected",
              "version": "SA6150P"
            },
            {
              "status": "affected",
              "version": "SA6155"
            },
            {
              "status": "affected",
              "version": "SA6155P"
            },
            {
              "status": "affected",
              "version": "SA7255P"
            },
            {
              "status": "affected",
              "version": "SA7775P"
            },
            {
              "status": "affected",
              "version": "SA8145P"
            },
            {
              "status": "affected",
              "version": "SA8150P"
            },
            {
              "status": "affected",
              "version": "SA8155"
            },
            {
              "status": "affected",
              "version": "SA8155P"
            },
            {
              "status": "affected",
              "version": "SA8195P"
            },
            {
              "status": "affected",
              "version": "SA8255P"
            },
            {
              "status": "affected",
              "version": "SA8295P"
            },
            {
              "status": "affected",
              "version": "SA8620P"
            },
            {
              "status": "affected",
              "version": "SA8650P"
            },
            {
              "status": "affected",
              "version": "SA8770P"
            },
            {
              "status": "affected",
              "version": "SA8775P"
            },
            {
              "status": "affected",
              "version": "SA9000P"
            },
            {
              "status": "affected",
              "version": "SC8380XP"
            },
            {
              "status": "affected",
              "version": "SDX55"
            },
            {
              "status": "affected",
              "version": "SM7325P"
            },
            {
              "status": "affected",
              "version": "SM7675"
            },
            {
              "status": "affected",
              "version": "SM7675P"
            },
            {
              "status": "affected",
              "version": "SM8550P"
            },
            {
              "status": "affected",
              "version": "SM8635"
            },
            {
              "status": "affected",
              "version": "SM8635P"
            },
            {
              "status": "affected",
              "version": "SM8650Q"
            },
            {
              "status": "affected",
              "version": "SM8735"
            },
            {
              "status": "affected",
              "version": "SM8750"
            },
            {
              "status": "affected",
              "version": "SM8750P"
            },
            {
              "status": "affected",
              "version": "Snapdragon 778G 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 782G Mobile Platform (SM7325-AF)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 7c+ Gen 3 Compute"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 2 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 3 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8+ Gen 2 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
            },
            {
              "status": "affected",
              "version": "Snapdragon AR2 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 5G Modem-RF"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 5G Modem-RF Gen 2"
            },
            {
              "status": "affected",
              "version": "Snapdragon X72 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X75 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "SnapdragonAuto 4GModem"
            },
            {
              "status": "affected",
              "version": "SRV1H"
            },
            {
              "status": "affected",
              "version": "SRV1M"
            },
            {
              "status": "affected",
              "version": "SSG2115P"
            },
            {
              "status": "affected",
              "version": "SSG2125P"
            },
            {
              "status": "affected",
              "version": "SXR1230P"
            },
            {
              "status": "affected",
              "version": "SXR2230P"
            },
            {
              "status": "affected",
              "version": "SXR2250P"
            },
            {
              "status": "affected",
              "version": "SXR2330P"
            },
            {
              "status": "affected",
              "version": "SXR2350P"
            },
            {
              "status": "affected",
              "version": "WCD9340"
            },
            {
              "status": "affected",
              "version": "WCD9360"
            },
            {
              "status": "affected",
              "version": "WCD9370"
            },
            {
              "status": "affected",
              "version": "WCD9375"
            },
            {
              "status": "affected",
              "version": "WCD9378"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WCD9390"
            },
            {
              "status": "affected",
              "version": "WCD9395"
            },
            {
              "status": "affected",
              "version": "WCN3950"
            },
            {
              "status": "affected",
              "version": "WCN6755"
            },
            {
              "status": "affected",
              "version": "WCN7750"
            },
            {
              "status": "affected",
              "version": "WSA8810"
            },
            {
              "status": "affected",
              "version": "WSA8815"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8832"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            },
            {
              "status": "affected",
              "version": "WSA8840"
            },
            {
              "status": "affected",
              "version": "WSA8845"
            },
            {
              "status": "affected",
              "version": "WSA8845H"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617 Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-04T03:19:26.256Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html"
        }
      ],
      "title": "Reachable Assertion in BT Controller"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2025-47370",
    "datePublished": "2025-11-04T03:19:26.256Z",
    "dateReserved": "2025-05-06T08:33:16.265Z",
    "dateUpdated": "2025-11-04T19:00:52.629Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-48593 (GCVE-0-2025-48593)

Vulnerability from cvelistv5

Published

2025-11-18 04:51

Modified

2025-11-19 04:55

Severity ?

8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Remote code execution

Summary

In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

References

URL

Tags

	https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c69c78d7c4f623201f35831d32e6c401156e76cc
	https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5ed63461b44198c80d5aff7e1af1df812f782abb
	https://source.android.com/security/bulletin/2025-11-01

Impacted products

	Vendor	Product	Version
	Google	Android	Version: 16 Version: 15 Version: 14 Version: 13

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48593",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-18T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T04:55:23.721Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Android",
          "vendor": "Google",
          "versions": [
            {
              "status": "affected",
              "version": "16"
            },
            {
              "status": "affected",
              "version": "15"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "13"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote code execution",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T04:51:57.663Z",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c69c78d7c4f623201f35831d32e6c401156e76cc"
        },
        {
          "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5ed63461b44198c80d5aff7e1af1df812f782abb"
        },
        {
          "url": "https://source.android.com/security/bulletin/2025-11-01"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.7.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2025-48593",
    "datePublished": "2025-11-18T04:51:57.663Z",
    "dateReserved": "2025-05-22T18:12:07.427Z",
    "dateUpdated": "2025-11-19T04:55:23.721Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-40130 (GCVE-0-2023-40130)

Vulnerability from cvelistv5

Published

2023-10-27 20:22

Modified

2024-09-09 19:46

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Elevation of privilege

Summary

In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.

References

URL

Tags

	https://android.googlesource.com/platform/packages/services/Telecomm/+/5b335401d1c8de7d1c85f4a0cf353f7f9fc30218
	https://source.android.com/security/bulletin/2023-10-01

Impacted products

	Vendor	Product	Version
	Google	Android	Version: 13 Version: 12L Version: 12 Version: 11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:24:55.525Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://android.googlesource.com/platform/packages/services/Telecomm/+/5b335401d1c8de7d1c85f4a0cf353f7f9fc30218"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2023-10-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:google:android:12.0l:*:*:*:*:*:*:*",
              "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "android",
            "vendor": "google",
            "versions": [
              {
                "status": "affected",
                "version": "11.0"
              },
              {
                "status": "affected",
                "version": "12.0"
              },
              {
                "status": "affected",
                "version": "12.0l"
              },
              {
                "status": "affected",
                "version": "13.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-40130",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T19:42:40.984572Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T19:46:05.580Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Android",
          "vendor": "Google",
          "versions": [
            {
              "status": "affected",
              "version": "13"
            },
            {
              "status": "affected",
              "version": "12L"
            },
            {
              "status": "affected",
              "version": "12"
            },
            {
              "status": "affected",
              "version": "11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of privilege",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-27T20:22:57.878Z",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "url": "https://android.googlesource.com/platform/packages/services/Telecomm/+/5b335401d1c8de7d1c85f4a0cf353f7f9fc30218"
        },
        {
          "url": "https://source.android.com/security/bulletin/2023-10-01"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2023-40130",
    "datePublished": "2023-10-27T20:22:57.878Z",
    "dateReserved": "2023-08-09T02:29:33.869Z",
    "dateUpdated": "2024-09-09T19:46:05.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

wid-sec-w-2025-2472

Vulnerability from csaf_certbund

CVE-2025-48581 (GCVE-0-2025-48581)

Vulnerability from cvelistv5

CVE-2025-54957 (GCVE-0-2025-54957)

Vulnerability from cvelistv5

CVE-2025-27074 (GCVE-0-2025-27074)

Vulnerability from cvelistv5

CVE-2025-20730 (GCVE-0-2025-20730)

Vulnerability from cvelistv5

CVE-2025-47370 (GCVE-0-2025-47370)

Vulnerability from cvelistv5

CVE-2025-48593 (GCVE-0-2025-48593)

Vulnerability from cvelistv5

CVE-2023-40130 (GCVE-0-2023-40130)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature