CVE-2025-21458

EPSS 0.02%
Veröffentlicht 06.08.2025 07:25:51
Zuletzt bearbeitet 19.08.2025 13:21:06
Quelle product-security@qualcomm.com
Teams Watchlist Login
Unerledigt Login

Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qualcomm ≫ Fastconnect 6900 Firmware Version-

Qualcomm ≫ Fastconnect 6900 Version-

Qualcomm ≫ Qam8255p Firmware Version-

Qualcomm ≫ Qam8255p Version-

Qualcomm ≫ Qam8650p Firmware Version-

Qualcomm ≫ Qam8650p Version-

Qualcomm ≫ Qam8775p Firmware Version-

Qualcomm ≫ Qam8775p Version-

Qualcomm ≫ Qca6174a Firmware Version-

Qualcomm ≫ Qca6174a Version-

Qualcomm ≫ Qca6698aq Firmware Version-

Qualcomm ≫ Qca6698aq Version-

Qualcomm ≫ Qca6797aq Firmware Version-

Qualcomm ≫ Qca6797aq Version-

Qualcomm ≫ Sa7255p Firmware Version-

Qualcomm ≫ Sa7255p Version-

Qualcomm ≫ Sa7775p Firmware Version-

Qualcomm ≫ Sa7775p Version-

Qualcomm ≫ Sa8255p Firmware Version-

Qualcomm ≫ Sa8255p Version-

Qualcomm ≫ Sa8620p Firmware Version-

Qualcomm ≫ Sa8620p Version-

Qualcomm ≫ Sa8650p Firmware Version-

Qualcomm ≫ Sa8650p Version-

Qualcomm ≫ Sa8775p Firmware Version-

Qualcomm ≫ Sa8775p Version-

Qualcomm ≫ Sa9000p Firmware Version-

Qualcomm ≫ Sa9000p Version-

Qualcomm ≫ Snapdragon 888 5g Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 888 5g Mobile Platform Version-

Qualcomm ≫ Sw5100 Firmware Version-

Qualcomm ≫ Sw5100 Version-

Qualcomm ≫ Sw5100p Firmware Version-

Qualcomm ≫ Sw5100p Version-

Qualcomm ≫ Wcd9380 Firmware Version-

Qualcomm ≫ Wcd9380 Version-

Qualcomm ≫ Wcd9385 Firmware Version-

Qualcomm ≫ Wcd9385 Version-

Qualcomm ≫ Wcn3980 Firmware Version-

Qualcomm ≫ Wcn3980 Version-

Qualcomm ≫ Wcn3988 Firmware Version-

Qualcomm ≫ Wcn3988 Version-

Qualcomm ≫ Wsa8830 Firmware Version-

Qualcomm ≫ Wsa8830 Version-

Qualcomm ≫ Wsa8835 Firmware Version-

Qualcomm ≫ Wsa8835 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.02

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
product-security@qualcomm.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2025-bulletin.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-21458

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-21458

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-21458

EUVD