7.8

CVSS3.1

CVE-2025-47347 - Stack-based Buffer Overflow in Automotive Software platform based on QNX

Memory corruption while processing control commands in the virtual memory management interface.

📅 Published: Oct. 9, 2025, 3:18 a.m. 🔄 Last Modified: Feb. 26, 2026, 5:48 p.m.

7.1

CVSS3.1

CVE-2025-47342 - Use After Free in BT Controller

Transient DOS may occur when multi-profile concurrency arises with QHS enabled.

📅 Published: Oct. 9, 2025, 3:18 a.m. 🔄 Last Modified: Oct. 21, 2025, 4:40 p.m.

7.8

CVSS3.1

CVE-2025-47341 - Buffer Copy Without Checking Size of Input in Camera

memory corruption while processing an image encoding completion event.

📅 Published: Oct. 9, 2025, 3:18 a.m. 🔄 Last Modified: Feb. 26, 2026, 5:48 p.m.

7.8

CVSS3.1

CVE-2025-47340 - Out-of-bounds Write in DSP Service

Memory corruption while processing IOCTL call to get the mapping.

📅 Published: Oct. 9, 2025, 3:18 a.m. 🔄 Last Modified: Feb. 26, 2026, 5:48 p.m.

7.8

CVSS3.1

CVE-2025-47338 - Untrusted Pointer Dereference in DSP Service

Memory corruption while processing escape commands from userspace.

📅 Published: Oct. 9, 2025, 3:18 a.m. 🔄 Last Modified: Feb. 26, 2026, 5:48 p.m.

8.8

CVSS3.1

CVE-2025-27060 - Untrusted Pointer Dereference in TZ Firmware

Memory corruption while performing SCM call with malformed inputs.

📅 Published: Oct. 9, 2025, 3:18 a.m. 🔄 Last Modified: Feb. 26, 2026, 5:48 p.m.

8.8

CVSS3.1

CVE-2025-27059 - Use of Out-of-range Pointer Offset in TZ Firmware

Memory corruption while performing SCM call.

📅 Published: Oct. 9, 2025, 3:18 a.m. 🔄 Last Modified: Feb. 26, 2026, 5:48 p.m.

7.8

CVSS3.1

CVE-2025-27054 - Out-of-bounds Write in Display

Memory corruption while processing a malformed license file during reboot.

📅 Published: Oct. 9, 2025, 3:18 a.m. 🔄 Last Modified: Feb. 26, 2026, 5:48 p.m.

7.8

CVSS3.1

CVE-2025-27053 - Incorrect Calculation of Buffer Size in HLOS

Memory corruption during PlayReady APP usecase while processing TA commands.

📅 Published: Oct. 9, 2025, 3:18 a.m. 🔄 Last Modified: Feb. 26, 2026, 5:48 p.m.

5.5

CVSS3.1

CVE-2025-27049 - Buffer Over-read in Camera

Transient DOS while processing IOCTL call for image encoding.

📅 Published: Oct. 9, 2025, 3:17 a.m. 🔄 Last Modified: Nov. 5, 2025, 6:31 p.m.

CVE Authored by @selmankon

7.8

CVE-2025-47347 - Stack-based Buffer Overflow in Automotive Software platform based on QNX

7.1

CVE-2025-47342 - Use After Free in BT Controller

7.8

CVE-2025-47341 - Buffer Copy Without Checking Size of Input in Camera

7.8

CVE-2025-47340 - Out-of-bounds Write in DSP Service

7.8

CVE-2025-47338 - Untrusted Pointer Dereference in DSP Service

8.8

CVE-2025-27060 - Untrusted Pointer Dereference in TZ Firmware

8.8

CVE-2025-27059 - Use of Out-of-range Pointer Offset in TZ Firmware

7.8

CVE-2025-27054 - Out-of-bounds Write in Display

7.8

CVE-2025-27053 - Incorrect Calculation of Buffer Size in HLOS

5.5

CVE-2025-27049 - Buffer Over-read in Camera