Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Qualcomm, Inc. Snapdragon unaffected
Version Status Constraints
Cologne affected
FastConnect 6700 affected
FastConnect 6800 affected
FastConnect 6900 affected
FastConnect 7800 affected
LeMans_AU_LGIT affected
LeMansAU affected
Pandeiro affected
QAM8255P affected
QAMSRV1H affected
QAMSRV1M affected
QCA6391 affected
QCA6595 affected
QCA6595AU affected
QCA6696 affected
QCA6698AQ affected
QCA6797AQ affected
QLN1083BD affected
QLN1086BD affected
QPA1083BD affected
QPA1086BD affected
QXM1083 affected
QXM1086 affected
QXM1093 affected
QXM1094 affected
QXM1095 affected
QXM1096 affected
SA7255P affected
SA7775P affected
SA8255P affected
SA8620P affected
SA8770P affected
SA9000P affected
SAR1165P affected
SAR1250P affected
SAR2130P affected
SAR2230P affected
SD865 5G affected
Snapdragon 8 Elite Gen 5 affected
Snapdragon 865 5G Mobile Platform affected
Snapdragon 865+ 5G Mobile Platform affected
Snapdragon 870 5G Mobile Platform affected
Snapdragon AR1 Gen 1 Platform affected
Snapdragon AR1+ Gen 1 Platform affected
Snapdragon X55 5G Modem-RF System affected
Snapdragon XR2 5G Platform affected
Snapdragon XR2+ Gen 1 Platform affected
SRV1H affected
SRV1M affected
SXR2230P affected
SXR2250P affected
WCD9378C affected
WCD9380 affected
WCD9385 affected
WCD9395 affected
WCN3950 affected
WCN7860 affected
WCN7861 affected
WSA8810 affected
WSA8815 affected
WSA8830 affected
WSA8832 affected
WSA8835 affected
WSA8840 affected
WSA8845 affected
WSA8845H affected
X2000077 affected
X2000086 affected
X2000090 affected
X2000092 affected
X2000094 affected
XG101002 affected
XG101032 affected
XG101039 affected

No data.

No data.

No data.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html cve-icon cve-icon
History

Mon, 02 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
Description Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.
Title Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS
Weaknesses CWE-497
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-03-02T19:39:18.256Z

Reserved: 2025-05-06T08:33:16.266Z

Link: CVE-2025-47378

cve-icon Vulnrichment

Updated: 2026-03-02T19:39:13.800Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-02T17:16:25.453

Modified: 2026-03-02T20:29:29.330

Link: CVE-2025-47378

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses