CVE-2025-27038

Warnung

EPSS 1.81%
Veröffentlicht 03.06.2025 05:53:06
Zuletzt bearbeitet 04.06.2025 17:23:58
Quelle product-security@qualcomm.com
Teams Watchlist Login
Unerledigt Login

Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qualcomm ≫ Ar8031 Firmware Version-

Qualcomm ≫ Ar8031 Version-

Qualcomm ≫ Csra6620 Firmware Version-

Qualcomm ≫ Csra6620 Version-

Qualcomm ≫ Csra6640 Firmware Version-

Qualcomm ≫ Csra6640 Version-

Qualcomm ≫ Fastconnect 7800 Firmware Version-

Qualcomm ≫ Fastconnect 7800 Version-

Qualcomm ≫ Qca2066 Firmware Version-

Qualcomm ≫ Qca2066 Version-

Qualcomm ≫ Qca6391 Firmware Version-

Qualcomm ≫ Qca6391 Version-

Qualcomm ≫ Qcm6125 Firmware Version-

Qualcomm ≫ Qcm6125 Version-

Qualcomm ≫ Qcm8550 Firmware Version-

Qualcomm ≫ Qcm8550 Version-

Qualcomm ≫ Qcn9011 Firmware Version-

Qualcomm ≫ Qcn9011 Version-

Qualcomm ≫ Qcn9012 Firmware Version-

Qualcomm ≫ Qcn9012 Version-

Qualcomm ≫ Qcs6125 Firmware Version-

Qualcomm ≫ Qcs6125 Version-

Qualcomm ≫ Qcs8550 Firmware Version-

Qualcomm ≫ Qcs8550 Version-

Qualcomm ≫ Video Collaboration Vc1 Platform Firmware Version-

Qualcomm ≫ Video Collaboration Vc1 Platform Version-

Qualcomm ≫ Sm6475 Firmware Version-

Qualcomm ≫ Sm6475 Version-

Qualcomm ≫ Sm6650 Firmware Version-

Qualcomm ≫ Sm6650 Version-

Qualcomm ≫ Sm6650p Firmware Version-

Qualcomm ≫ Sm6650p Version-

Qualcomm ≫ Sm7435 Firmware Version-

Qualcomm ≫ Sm7435 Version-

Qualcomm ≫ Sm7635 Firmware Version-

Qualcomm ≫ Sm7635 Version-

Qualcomm ≫ Sm7635p Firmware Version-

Qualcomm ≫ Sm7635p Version-

Qualcomm ≫ Smart Audio 400 Platform Firmware Version-

Qualcomm ≫ Smart Audio 400 Platform Version-

Qualcomm ≫ Snapdragon 4 Gen 2 Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 4 Gen 2 Mobile Platform Version-

Qualcomm ≫ Snapdragon 6 Gen 1 Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 6 Gen 1 Mobile Platform Version-

Qualcomm ≫ Snapdragon 680 4g Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 680 4g Mobile Platform Version-

Qualcomm ≫ Sw5100 Firmware Version-

Qualcomm ≫ Sw5100 Version-

Qualcomm ≫ Sw5100p Firmware Version-

Qualcomm ≫ Sw5100p Version-

Qualcomm ≫ Wcd9335 Firmware Version-

Qualcomm ≫ Wcd9335 Version-

Qualcomm ≫ Wcd9370 Firmware Version-

Qualcomm ≫ Wcd9370 Version-

Qualcomm ≫ Wcd9375 Firmware Version-

Qualcomm ≫ Wcd9375 Version-

Qualcomm ≫ Wcd9378 Firmware Version-

Qualcomm ≫ Wcd9378 Version-

Qualcomm ≫ Wcd9385 Firmware Version-

Qualcomm ≫ Wcd9385 Version-

Qualcomm ≫ Wcd9395 Firmware Version-

Qualcomm ≫ Wcd9395 Version-

Qualcomm ≫ Wcn3950 Firmware Version-

Qualcomm ≫ Wcn3950 Version-

Qualcomm ≫ Wcn3980 Firmware Version-

Qualcomm ≫ Wcn3980 Version-

Qualcomm ≫ Wcn3988 Firmware Version-

Qualcomm ≫ Wcn3988 Version-

Qualcomm ≫ Wcn6650 Firmware Version-

Qualcomm ≫ Wcn6650 Version-

Qualcomm ≫ Wcn6740 Firmware Version-

Qualcomm ≫ Wcn6740 Version-

Qualcomm ≫ Wcn6755 Firmware Version-

Qualcomm ≫ Wcn6755 Version-

Qualcomm ≫ Wsa8810 Firmware Version-

Qualcomm ≫ Wsa8810 Version-

Qualcomm ≫ Wsa8815 Firmware Version-

Qualcomm ≫ Wsa8815 Version-

Qualcomm ≫ Wsa8830 Firmware Version-

Qualcomm ≫ Wsa8830 Version-

Qualcomm ≫ Wsa8832 Firmware Version-

Qualcomm ≫ Wsa8832 Version-

Qualcomm ≫ Wsa8835 Firmware Version-

Qualcomm ≫ Wsa8835 Version-

03.06.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Qualcomm Multiple Chipsets Use-After-Free Vulnerability

Schwachstelle

Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.81%	0.822

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
product-security@qualcomm.com	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-27038

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-27038

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27038

EUVD