{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/qualcomm/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.6,"id":"CVE-2026-25293"}],"_cs_exploited":false,"_cs_products":["PLC FW"],"_cs_severities":["critical"],"_cs_tags":["plc","buffer-overflow","industrial-control-systems","cve-2026-25293"],"_cs_type":"advisory","_cs_vendors":["Qualcomm"],"content_html":"\u003cp\u003eCVE-2026-25293 describes a buffer overflow vulnerability affecting Qualcomm\u0026rsquo;s Programmable Logic Controller Firmware (PLC FW).  The root cause is an incorrect authorization mechanism within the firmware. This flaw could allow an attacker to potentially overwrite memory buffers, leading to arbitrary code execution or denial of service. The vulnerability was disclosed in Qualcomm\u0026rsquo;s May 2026 security bulletin. Successful exploitation of this vulnerability could allow unauthorized modification of PLC configurations, potentially impacting industrial control systems and automation processes. 
The affected PLC FW is used in a range of industrial applications, increasing the scope and severity of this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable PLC FW device on the network.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages CVE-2026-25293 to bypass authorization checks.\u003c/li\u003e\n\u003cli\u003eA crafted network packet is sent to the PLC FW, exploiting the buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe overflowed buffer overwrites critical memory regions.\u003c/li\u003e\n\u003cli\u003eAttacker gains control of PLC FW execution flow.\u003c/li\u003e\n\u003cli\u003eMalicious code is injected into the PLC memory space.\u003c/li\u003e\n\u003cli\u003eThe injected code executes, potentially modifying PLC logic or disrupting operations.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves unauthorized control over the PLC, leading to disruption, data manipulation, or system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-25293 could allow attackers to gain complete control over Programmable Logic Controllers (PLCs). This could lead to significant disruptions in industrial control systems, manufacturing processes, and other automated systems. The vulnerability affects Qualcomm PLC FW, potentially impacting a large number of devices across various sectors. 
The high CVSS score of 9.6 reflects the critical impact of this vulnerability, including the potential for complete system compromise and denial of service.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security patches provided by Qualcomm as detailed in their May 2026 security bulletin (\u003ca href=\"https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html\"\u003ehttps://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html\u003c/a\u003e) to remediate CVE-2026-25293.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious Network Traffic to PLC Devices\u0026rdquo; to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement strict network segmentation to limit the attack surface and prevent lateral movement to PLC devices.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unexpected patterns or unauthorized access attempts to PLC devices.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-04T17:16:22Z","date_published":"2026-05-04T17:16:22Z","id":"/briefs/2026-05-plc-buffer-overflow/","summary":"CVE-2026-25293 is a critical buffer overflow vulnerability in Qualcomm PLC FW due to incorrect authorization, potentially allowing unauthorized access and control over programmable logic controllers.","title":"Qualcomm PLC FW Buffer Overflow via Incorrect Authorization (CVE-2026-25293)","url":"https://feed.craftedsignal.io/briefs/2026-05-plc-buffer-overflow/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2025-47408"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["memory corruption","ioctl","driver vulnerability","cve-2025-47408"],"_cs_type":"advisory","_cs_vendors":["Qualcomm"],"content_html":"\u003cp\u003eA memory corruption vulnerability has been identified in Qualcomm drivers, tracked as CVE-2025-47408. 
This vulnerability occurs when one driver makes an Input/Output Control (IOCTL) call to another driver using a malformed or invalid input/output buffer. The flaw stems from improper validation or handling of the provided buffer, leading to a memory corruption condition. Successful exploitation of this vulnerability could lead to arbitrary code execution, privilege escalation, or a denial-of-service condition. This vulnerability was disclosed in the May 2026 Qualcomm Security Bulletin. The potential impact necessitates that detection engineering teams prioritize identifying and mitigating this threat across systems utilizing affected Qualcomm components.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains initial access to the system, potentially through social engineering or exploiting another vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Qualcomm driver that is susceptible to IOCTL calls with invalid buffers.\u003c/li\u003e\n\u003cli\u003eThe attacker develops a malicious driver or application capable of making IOCTL calls.\u003c/li\u003e\n\u003cli\u003eThe malicious driver crafts a specific IOCTL request with a purposefully malformed input/output buffer.\u003c/li\u003e\n\u003cli\u003eThe malicious driver sends the crafted IOCTL request to the targeted Qualcomm driver.\u003c/li\u003e\n\u003cli\u003eThe targeted Qualcomm driver receives the IOCTL request and attempts to process the invalid buffer.\u003c/li\u003e\n\u003cli\u003eDue to the malformed buffer, the driver\u0026rsquo;s memory management routines are corrupted, leading to a write to an arbitrary memory location.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the memory corruption to execute arbitrary code, escalate privileges, or cause a denial-of-service condition.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of 
CVE-2025-47408 can have severe consequences. An attacker can gain complete control over the affected system, potentially leading to data theft, system compromise, or disruption of services. While the specific number of affected devices or sectors is not explicitly stated, the widespread use of Qualcomm components in various devices suggests a broad potential impact. If successful, this exploit could allow attackers to install persistent backdoors, steal sensitive information, or use the compromised device as a launching point for further attacks within the network.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor process creations for unsigned or untrusted drivers being loaded, and deploy the first Sigma rule provided below, to identify potential malicious driver activity.\u003c/li\u003e\n\u003cli\u003eEnable driver verifier on test systems using Qualcomm drivers to trigger memory corruption issues and aid in reverse engineering the vulnerability.\u003c/li\u003e\n\u003cli\u003eReview Qualcomm\u0026rsquo;s May 2026 Security Bulletin for specific device models and affected driver versions to prioritize patching efforts.\u003c/li\u003e\n\u003cli\u003eImplement the second Sigma rule to detect suspicious IOCTL calls originating from unusual processes or locations, focusing on potential exploitation attempts of CVE-2025-47408.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-04T17:16:21Z","date_published":"2026-05-04T17:16:21Z","id":"/briefs/2026-05-ioctl-memory-corruption/","summary":"A memory corruption vulnerability, CVE-2025-47408, exists in Qualcomm drivers when another driver calls an IOCTL with an invalid input/output buffer, potentially leading to code execution or denial of service.","title":"Qualcomm Driver IOCTL Memory Corruption 
Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-ioctl-memory-corruption/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2025-47407"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["memory-corruption","dsp","qualcomm","cve-2025-47407"],"_cs_type":"advisory","_cs_vendors":["Qualcomm"],"content_html":"\u003cp\u003eCVE-2025-47407 is a memory corruption vulnerability reported by Qualcomm, Inc., affecting digital signal processors (DSPs). The vulnerability stems from an allocation failure at the kernel level during process creation on the DSP. This can lead to memory corruption, potentially allowing an attacker to execute arbitrary code with elevated privileges. While the exact products affected are not specified, the issue resides within Qualcomm DSPs and could impact various devices utilizing these processors. This vulnerability was published on May 4, 2026, and requires patching of the affected DSP firmware to mitigate the risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains initial access to a device containing a vulnerable Qualcomm DSP.\u003c/li\u003e\n\u003cli\u003eThe attacker triggers a process creation event on the DSP. 
This could involve sending a specifically crafted request to the DSP or exploiting another vulnerability to initiate the process creation.\u003c/li\u003e\n\u003cli\u003eDuring the process creation, a memory allocation failure occurs within the DSP kernel.\u003c/li\u003e\n\u003cli\u003eThis allocation failure leads to memory corruption, where data is written to an incorrect memory location.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the memory corruption to overwrite critical kernel data structures or code.\u003c/li\u003e\n\u003cli\u003eThe attacker injects malicious code into the corrupted memory region.\u003c/li\u003e\n\u003cli\u003eThe DSP executes the injected malicious code, granting the attacker control over the DSP.\u003c/li\u003e\n\u003cli\u003eThe attacker can then use the compromised DSP to further compromise the device or network it is connected to.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-47407 allows an attacker to execute arbitrary code on the DSP with elevated privileges. This can lead to a complete compromise of the affected device, allowing the attacker to steal sensitive data, install malware, or use the device as a launchpad for further attacks. 
The vulnerability can potentially impact a wide range of devices that utilize Qualcomm DSPs.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor process creation events for anomalies that may indicate a memory allocation failure, using the \u003ccode\u003eprocess_creation\u003c/code\u003e log category and filtering for processes related to the digital signal processor.\u003c/li\u003e\n\u003cli\u003eApply the security patch released by Qualcomm, as referenced in the advisory URL (\u003ca href=\"https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html\"\u003ehttps://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html\u003c/a\u003e), to address the memory corruption vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect potential exploitation attempts by monitoring for specific events related to process creation and memory allocation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-04T17:16:21Z","date_published":"2026-05-04T17:16:21Z","id":"/briefs/2026-05-dsp-memory-corruption/","summary":"CVE-2025-47407 describes a memory corruption vulnerability affecting the digital signal processor due to allocation failure at the kernel level, potentially leading to arbitrary code execution with elevated privileges on affected systems.","title":"Memory Corruption Vulnerability in Digital Signal Processor (CVE-2025-47407)","url":"https://feed.craftedsignal.io/briefs/2026-05-dsp-memory-corruption/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2025-47405"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2025-47405","memory corruption","camera sensor","qualcomm"],"_cs_type":"advisory","_cs_vendors":["Qualcomm"],"content_html":"\u003cp\u003eCVE-2025-47405 is a high-severity vulnerability affecting Qualcomm products. 
It stems from a memory corruption issue that occurs when processing camera sensor input/output control codes with invalid output buffers. This vulnerability could be exploited by a local attacker with low privileges, potentially leading to memory corruption, denial of service, or arbitrary code execution. The vulnerability was reported to NIST on May 4, 2026. The specific Qualcomm products affected are not explicitly mentioned, but the issue lies within the camera sensor processing component. This vulnerability is concerning because successful exploitation could compromise the device\u0026rsquo;s integrity and availability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA malicious application is installed on the target device, leveraging existing permissions or exploiting other vulnerabilities for installation.\u003c/li\u003e\n\u003cli\u003eThe malicious application gains low-level privileges, potentially through privilege escalation techniques, if necessary.\u003c/li\u003e\n\u003cli\u003eThe application interacts with the camera sensor through input/output control codes (IOCTLs).\u003c/li\u003e\n\u003cli\u003eThe application crafts a specific IOCTL request with an invalid output buffer size or memory address.\u003c/li\u003e\n\u003cli\u003eThe camera sensor processing component attempts to write data to the invalid output buffer.\u003c/li\u003e\n\u003cli\u003eThis write operation triggers a memory corruption condition due to the out-of-bounds access.\u003c/li\u003e\n\u003cli\u003eThe memory corruption can lead to a denial of service, causing the device to crash or become unresponsive.\u003c/li\u003e\n\u003cli\u003eIn more severe scenarios, the memory corruption could be leveraged to achieve arbitrary code execution, allowing the attacker to gain full control of the device.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of 
CVE-2025-47405 can lead to a range of negative consequences, from denial of service to arbitrary code execution. If an attacker gains code execution, they could potentially steal sensitive data, install malware, or use the device as part of a botnet. The exact number of affected devices is unknown, but given Qualcomm\u0026rsquo;s widespread presence in mobile devices and other embedded systems, the potential impact is significant. Sectors affected would primarily be consumer electronics and potentially industrial control systems using affected Qualcomm components.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor for unexpected or malicious applications interacting with camera sensor devices, using process creation logs (logsource: process_creation, product: android).\u003c/li\u003e\n\u003cli\u003eImplement endpoint detection rules to detect suspicious process memory access patterns potentially related to memory corruption attempts (logsource: process_creation, product: android).\u003c/li\u003e\n\u003cli\u003eRefer to Qualcomm\u0026rsquo;s security bulletin for affected devices and patch information (references: \u003ca href=\"https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html\"\u003ehttps://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-23T10:00:00Z","date_published":"2024-01-23T10:00:00Z","id":"/briefs/2024-01-23-qualcomm-camera-memory-corruption/","summary":"CVE-2025-47405 is a memory corruption vulnerability in Qualcomm products related to processing camera sensor input/output control codes with invalid output buffers, potentially leading to arbitrary code execution.","title":"Qualcomm Camera Sensor Memory Corruption 
Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-23-qualcomm-camera-memory-corruption/"}],"language":"en","title":"CraftedSignal Threat Feed — Qualcomm","version":"https://jsonfeed.org/version/1.1"}