CyberSecurity news
FlagThis
info@thehackernews.com (The@The Hacker News
//
Qualcomm has issued security updates to address three zero-day vulnerabilities affecting its Adreno Graphics Processing Unit (GPU) drivers. These flaws, identified as CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038, impact numerous Qualcomm chipsets and have reportedly been exploited in limited, targeted attacks. The vulnerabilities involve memory corruption issues stemming from unauthorized command execution in the GPU microcode and a use-after-free condition during graphics rendering in Chrome. Google's Threat Analysis Group (TAG) alerted Qualcomm to these security lapses, emphasizing the urgency of addressing them to protect against potential exploitation.
Qualcomm swiftly responded by releasing patches to device vendors in May, urging them to deploy the updates to affected devices as soon as possible. The company states that CVE-2025-21479 and CVE-2025-21480 are critical flaws involving incorrect authorization in the Graphics component, leading to memory corruption. CVE-2025-27038 is a high-severity vulnerability concerning a use-after-free condition in the Graphics component that could also result in memory corruption while rendering graphics using Adreno GPU drivers in Chrome. Affected chipsets include those in the Snapdragon 888, 8 Gen 2, and 8 Gen 3 families, as well as some entry-level and medium-tier chips like the Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 4 Gen 2, and Snapdragon 680.
While the specific details of how these vulnerabilities are being exploited remain unclear, Qualcomm stresses the importance of installing the patches promptly. The fact that exploiting these flaws requires local access to the device suggests potential use by surveillance companies or law enforcement agencies to unlock confiscated Android phones. Users are advised to check for security updates from their Android device providers to ensure they are protected against these zero-day exploits. Qualcomm's rapid response underscores the critical need for ongoing vigilance and proactive cybersecurity measures to safeguard against emerging threats.
ImgSrc: blogger.googleu
References :
Qualcomm swiftly responded by releasing patches to device vendors in May, urging them to deploy the updates to affected devices as soon as possible. The company states that CVE-2025-21479 and CVE-2025-21480 are critical flaws involving incorrect authorization in the Graphics component, leading to memory corruption. CVE-2025-27038 is a high-severity vulnerability concerning a use-after-free condition in the Graphics component that could also result in memory corruption while rendering graphics using Adreno GPU drivers in Chrome. Affected chipsets include those in the Snapdragon 888, 8 Gen 2, and 8 Gen 3 families, as well as some entry-level and medium-tier chips like the Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 4 Gen 2, and Snapdragon 680.
While the specific details of how these vulnerabilities are being exploited remain unclear, Qualcomm stresses the importance of installing the patches promptly. The fact that exploiting these flaws requires local access to the device suggests potential use by surveillance companies or law enforcement agencies to unlock confiscated Android phones. Users are advised to check for security updates from their Android device providers to ensure they are protected against these zero-day exploits. Qualcomm's rapid response underscores the critical need for ongoing vigilance and proactive cybersecurity measures to safeguard against emerging threats.
ImgSrc: blogger.googleu
Share:
References :
- securityaffairs.com: Qualcomm fixed three zero-day vulnerabilities that, according to the company, have been exploited in limited, targeted attacks in the wild.
- The Hacker News: Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild.
- www.bleepingcomputer.com: Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks.
- www.techradar.com: Qualcomm finally patches Adreno GPU zero-day flaws used in Android attacks
- www.zdnet.com: Qualcomm patches three exploited security flaws, but you could still be vulnerable
Classification:
- HashTags: #Qualcomm #AdrenoGPU #Vulnerabilities
- Company: Qualcomm
- Target: Android Devices
- Product: Adreno GPU
- Feature: Adreno GPU driver
- Malware: CVE-2025-21479, CVE-2025-21480, CVE-2025-27038
- Type: Vulnerability
- Severity: Major