Mallory
Severity: High

Qualcomm boot process ELF image buffer overflow memory corruption

Identifiers: CVE-2025-47372 · CWE-120 · Buffer Copy without Checking Size…

CVE-2025-47372 is a critical memory corruption vulnerability in a Qualcomm closed-source component affecting the boot process. The flaw occurs when a corrupted ELF image with an oversized file size is read into a buffer without proper size validation, and the operation is performed without authentication. In effect, a buffer copy/read path processes attacker-controlled ELF metadata or content without checking that the declared file size fits within the destination buffer, resulting in classic buffer overflow-style memory corruption. The available reporting indicates the vulnerable condition is triggered during ELF image processing in boot-related code, but no specific function, product, or chipset has been publicly identified in the provided material.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can corrupt memory in a boot-related Qualcomm component, with resulting impact on confidentiality and integrity. Based on the provided CVSS characterization, the flaw does not primarily affect availability, but it can enable compromise of the vulnerable component and potentially execution of attacker-controlled behaviour in a highly sensitive pre-OS or early-boot context. Because the issue sits in the boot chain, exploitation could plausibly undermine trust in the boot process and facilitate deeper device compromise, although the exact post-exploitation scope is not publicly specified in the provided content.

Mitigation

If you can’t patch tonight, do this now.

Where immediate patching is not possible, reduce exposure by loading only trusted, authenticated boot images and firmware components, enforcing secure boot and image integrity verification throughout the boot chain, and preventing untrusted local actors from supplying or replacing the ELF images used during boot. Additional defensive measures include hardening the ELF parsing logic, adding fail-closed validation for malformed headers and size fields, and restricting the local access paths through which a corrupted boot image could be introduced. On Android devices, deploying the December 2025 update and keeping vendor firmware current is the primary mitigation.

Remediation

Patch, then assume compromise.

Apply the vendor security update that addresses CVE-2025-47372. In the Android ecosystem, this issue is covered by the December 2025 security updates, specifically the 2025-12-05 patch level that includes vendor and Qualcomm fixes. At the code level, remediation should include strict bounds checking before copying or reading ELF image data into fixed-size buffers, rejecting malformed or oversized ELF images, validating ELF headers and declared file sizes against actual buffer capacity, and enforcing authentication/integrity verification before processing uploaded or supplied boot images.
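The code-level remediation described in the Mitigation and Remediation sections (fail-closed validation of ELF headers and declared sizes against the real image length and the destination buffer capacity, before any copy takes place) is illustrated below as an added C example. This is not Qualcomm code and does not reproduce the actual vulnerable function, which has not been publicly identified; the ELF64 structure layouts follow the ELF specification, while SEGMENT_BUF_CAP, the status codes, the image builder and the constructed sample images are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ELF64 header and program header, laid out as in the ELF specification. */
#define EI_NIDENT 16
typedef struct {
    unsigned char e_ident[EI_NIDENT];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Elf64_Ehdr;

typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} Elf64_Phdr;

#define PT_LOAD 1
#define SEGMENT_BUF_CAP 64   /* hypothetical fixed-size destination buffer */

enum load_status { LOAD_OK = 0, LOAD_BAD_MAGIC, LOAD_BAD_PHDRS, LOAD_BAD_SEGMENT, LOAD_TOO_BIG };

/* The CWE-120 pattern: the copy length comes straight from the image's own
 * header, so an oversized p_filesz or p_offset runs past the image and past
 * dst. Kept here only as the contrast to safe_load_segment(); never called. */
void naive_load_segment(const uint8_t *img, const Elf64_Phdr *ph, uint8_t *dst) {
    memcpy(dst, img + ph->p_offset, ph->p_filesz);
}

/* Overflow-safe test for "a + b <= limit" on 64-bit offsets (a + b may wrap). */
static int fits(uint64_t a, uint64_t b, uint64_t limit) {
    return a <= limit && b <= limit - a;
}

/* Fail-closed loader: every offset and size taken from the image is checked
 * against the actual image length and the destination capacity before the
 * copy. Loads the first PT_LOAD segment and reports the bytes copied. */
enum load_status safe_load_segment(const uint8_t *img, size_t img_len,
                                   uint8_t *dst, size_t dst_cap, size_t *copied) {
    Elf64_Ehdr eh;
    if (img_len < sizeof eh) return LOAD_BAD_MAGIC;
    memcpy(&eh, img, sizeof eh);                      /* no unaligned access */
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0 || eh.e_ident[4] != 2 /* ELFCLASS64 */)
        return LOAD_BAD_MAGIC;
    /* The whole program header table must lie inside the image. */
    if (eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phnum == 0 ||
        !fits(eh.e_phoff, (uint64_t)eh.e_phnum * sizeof(Elf64_Phdr), img_len))
        return LOAD_BAD_PHDRS;
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_LOAD) continue;
        /* Declared file bytes must exist in the image and fit the destination. */
        if (!fits(ph.p_offset, ph.p_filesz, img_len)) return LOAD_BAD_SEGMENT;
        if (ph.p_filesz > ph.p_memsz) return LOAD_BAD_SEGMENT;
        if (ph.p_memsz > dst_cap) return LOAD_TOO_BIG;
        memcpy(dst, img + ph.p_offset, (size_t)ph.p_filesz);
        memset(dst + ph.p_filesz, 0, (size_t)(ph.p_memsz - ph.p_filesz)); /* zero-fill */
        *copied = (size_t)ph.p_filesz;
        return LOAD_OK;
    }
    return LOAD_BAD_SEGMENT;   /* no loadable segment at all */
}

/* Constructed test image: one PT_LOAD segment with payload_len bytes of 0xAA,
 * but whose header declares declared_filesz, so a corrupted size field can be
 * simulated. Returns the real image length. */
size_t build_image(uint8_t *buf, size_t payload_len, uint64_t declared_filesz) {
    Elf64_Ehdr eh = {0};
    Elf64_Phdr ph = {0};
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_ident[4] = 2;
    eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof ph;
    eh.e_phnum = 1;
    ph.p_type = PT_LOAD;
    ph.p_offset = sizeof eh + sizeof ph;
    ph.p_filesz = declared_filesz;
    ph.p_memsz = declared_filesz;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &ph, sizeof ph);
    memset(buf + ph.p_offset, 0xAA, payload_len);
    return (size_t)ph.p_offset + payload_len;
}

/* Loader verdict for an image that really carries 'actual' payload bytes
 * while its header claims 'declared'. */
enum load_status check_image(size_t actual, uint64_t declared) {
    uint8_t img[256], dst[SEGMENT_BUF_CAP];
    size_t copied = 0;
    size_t len = build_image(img, actual, declared);
    return safe_load_segment(img, len, dst, sizeof dst, &copied);
}

int main(void) {
    printf("honest header:    %d\n", check_image(32, 32));          /* LOAD_OK */
    printf("oversized filesz: %d\n", check_image(32, 4096));        /* LOAD_BAD_SEGMENT */
    printf("exceeds buffer:   %d\n", check_image(100, 100));        /* LOAD_TOO_BIG */
    printf("wraparound size:  %d\n", check_image(32, UINT64_MAX));  /* LOAD_BAD_SEGMENT */
    return 0;
}
```

The two checks that matter most are the ones the naive loader skips: the declared offset and size are compared against the real image length with wrap-safe arithmetic (a plain `p_offset + p_filesz <= img_len` test is defeated by a size near UINT64_MAX), and `p_memsz` is compared against the destination's capacity rather than assumed to fit. Each rejection is a distinct status so the boot code can fail closed and log why.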
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

Valid: 0 / Total: 0

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

Vendor     Product              Type
Qualcomm   Qam8255p Firmware    operating_system
Qualcomm   Qam8620p Firmware    operating_system
Qualcomm   Qam8650p Firmware    operating_system
Qualcomm   Qam8775p Firmware    operating_system
Qualcomm   Qamsrv1h Firmware    operating_system
Qualcomm   Qamsrv1m Firmware    operating_system
Qualcomm   Qca6595 Firmware     operating_system
Qualcomm   Qca6595au Firmware   operating_system
Qualcomm   Qca6678aq Firmware   operating_system
Qualcomm   Qca6696 Firmware     operating_system
Qualcomm   Qca6698aq Firmware   operating_system
Qualcomm   Qca6797aq Firmware   operating_system
Qualcomm   Sa7255p Firmware     operating_system
Qualcomm   Sa7775p Firmware     operating_system
Qualcomm   Sa8255p Firmware     operating_system
Qualcomm   Sa8620p Firmware     operating_system
Qualcomm   Sa8650p Firmware     operating_system
Qualcomm   Sa8770p Firmware     operating_system
Qualcomm   Sa8775p Firmware     operating_system
Qualcomm   Sa9000p Firmware     operating_system
Qualcomm   Srv1h Firmware       operating_system
Qualcomm   Srv1l Firmware       operating_system
Qualcomm   Srv1m Firmware       operating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity: 7

Community discussion across Reddit, Mastodon, and other social sources.