Qualcomm Secure OS memory corruption on lowmemory launch
CVE-2025-47396 Published on January 6, 2026
Double Free in Graphics
Memory corruption occurs when a secure application is launched on a device with insufficient memory.
Vulnerability Analysis
CVE-2025-47396 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Double-free Vulnerability?
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. When a program calls free() twice with the same argument, the program's memory management data structures become corrupted. This corruption can cause the program to crash or, in some circumstances, cause two later calls to malloc() to return the same pointer. If malloc() returns the same value twice and the program later gives the attacker control over the data that is written into this doubly-allocated memory, the program becomes vulnerable to a buffer overflow attack.
CVE-2025-47396 has been classified to as a Double-free vulnerability or weakness.
Products Associated with CVE-2025-47396
stack.watch emails you whenever new vulnerabilities are published in Qualcomm Snapdragon or Google Android. Just hit a watch button to start following.
Affected Versions
Qualcomm, Inc. Snapdragon:- Version FastConnect 6200 is affected.
- Version FastConnect 6700 is affected.
- Version FastConnect 6900 is affected.
- Version FastConnect 7800 is affected.
- Version QCS610 is affected.
- Version QMP1000 is affected.
- Version Qualcomm Video Collaboration VC1 Platform is affected.
- Version Qualcomm Video Collaboration VC3 Platform is affected.
- Version SM6475 is affected.
- Version SM7435 is affected.
- Version SM8735 is affected.
- Version SM8750 is affected.
- Version SM8750P is affected.
- Version Snapdragon 4 Gen 2 Mobile Platform is affected.
- Version Snapdragon 6 Gen 1 Mobile Platform is affected.
- Version Snapdragon AR1 Gen 1 Platform is affected.
- Version Snapdragon AR1 Gen 1 Platform "Luna1" is affected.
- Version Snapdragon W5+ Gen 1 Wearable Platform is affected.
- Version SW5100 is affected.
- Version SW5100P is affected.
- Version SXR2330P is affected.
- Version SXR2350P is affected.
- Version WCD9370 is affected.
- Version WCD9375 is affected.
- Version WCD9378 is affected.
- Version WCD9380 is affected.
- Version WCD9385 is affected.
- Version WCD9395 is affected.
- Version WCN3950 is affected.
- Version WCN3980 is affected.
- Version WCN3988 is affected.
- Version WCN6755 is affected.
- Version WCN7750 is affected.
- Version WCN7860 is affected.
- Version WCN7861 is affected.
- Version WCN7880 is affected.
- Version WCN7881 is affected.
- Version WSA8810 is affected.
- Version WSA8815 is affected.
- Version WSA8830 is affected.
- Version WSA8832 is affected.
- Version WSA8835 is affected.
- Version WSA8840 is affected.
- Version WSA8845 is affected.
- Version WSA8845H is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.