CVE-2025-21426

EPSS 0.07%
Veröffentlicht 08.07.2025 12:48:47
Zuletzt bearbeitet 21.07.2025 19:37:20
Quelle product-security@qualcomm.com
CVE-Watchlists
Login
Unerledigt
Login

Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Camera_Linux

Memory corruption while processing camera TPG write request.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 10 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qualcomm ≫ Fastconnect 7800 Firmware Version-

Qualcomm ≫ Fastconnect 7800 Version-

Qualcomm ≫ Snapdragon Ar1 Gen 1 Platform Firmware Version-

Qualcomm ≫ Snapdragon Ar1 Gen 1 Platform Version-

Qualcomm ≫ Ssg2115p Firmware Version-

Qualcomm ≫ Ssg2115p Version-

Qualcomm ≫ Ssg2125p Firmware Version-

Qualcomm ≫ Ssg2125p Version-

Qualcomm ≫ Sxr1230p Firmware Version-

Qualcomm ≫ Sxr1230p Version-

Qualcomm ≫ Wcd9380 Firmware Version-

Qualcomm ≫ Wcd9380 Version-

Qualcomm ≫ Wcd9385 Firmware Version-

Qualcomm ≫ Wcd9385 Version-

Qualcomm ≫ Wsa8830 Firmware Version-

Qualcomm ≫ Wsa8830 Version-

Qualcomm ≫ Wsa8832 Firmware Version-

Qualcomm ≫ Wsa8832 Version-

Qualcomm ≫ Wsa8835 Firmware Version-

Qualcomm ≫ Wsa8835 Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.199

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
product-security@qualcomm.com	6.6	1.8	4.7	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-21426

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-21426

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-21426

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-21426