CVE-2025-27038

Published Jun 3, 2025

Last updated 4 months ago

Exploit knownCVSS high 7.5
Qualcomm
Adreno

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-27038 is a use-after-free vulnerability found in the Graphics component of Qualcomm's Adreno GPU drivers. This vulnerability can lead to memory corruption while rendering graphics, specifically when using the Adreno GPU drivers in Chrome. Qualcomm has released patches for this vulnerability, along with CVE-2025-21479 and CVE-2025-21480, and recommends that OEMs deploy the updates to affected devices as soon as possible. There are indications that CVE-2025-27038 may be under limited, targeted exploitation.

Description
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Source
product-security@qualcomm.com
NVD status
Analyzed
Products
ar8031_firmware, csra6620_firmware, csra6640_firmware, fastconnect_7800_firmware, qca2066_firmware, qca6391_firmware, qcm6125_firmware, qcm8550_firmware, qcn9011_firmware, qcn9012_firmware, qcs6125_firmware, qcs8550_firmware, video_collaboration_vc1_platform_firmware, sm6475_firmware, sm6650_firmware, sm6650p_firmware, sm7435_firmware, sm7635_firmware, sm7635p_firmware, smart_audio_400_platform_firmware, snapdragon_4_gen_2_mobile_platform_firmware, snapdragon_6_gen_1_mobile_platform_firmware, snapdragon_680_4g_mobile_platform_firmware, snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmware, snapdragon_w5\+_gen_1_wearable_platform_firmware, sw5100_firmware, sw5100p_firmware, wcd9335_firmware, wcd9370_firmware, wcd9375_firmware, wcd9378_firmware, wcd9385_firmware, wcd9395_firmware, wcn3950_firmware, wcn3980_firmware, wcn3988_firmware, wcn6650_firmware, wcn6740_firmware, wcn6755_firmware, wsa8810_firmware, wsa8815_firmware, wsa8830_firmware, wsa8832_firmware, wsa8835_firmware

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
5.9
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Exploit added on
Jun 3, 2025
Exploit action due
Jun 24, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

product-security@qualcomm.com
CWE-416

Social media

Hype score
Not currently trending

  1. 🚨 تحذير أمني: جوجل تصدر تحديث الأمان للأندرويد أغسطس 2025، الذي يعالج ثغرات خطيرة مثل CVE-2025-21479 و CVE-2025-27038. هذه الثغرات استُغلت فعليًا في هجمات موجهة. تأكد من

    @Cybereayn

    10 Aug 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️ Fratelli di #Pixel .... aggiornare. Tra le altre, risolte due vulnerabilità critiche ( CVE-2025-21479 e CVE-2025-27038) sfruttate attivamente. https://t.co/AC9tiGyrb7

    @sonoclaudio

    7 Aug 2025

    976 Impressions

    5 Retweets

    19 Likes

    0 Bookmarks

    4 Replies

    0 Quotes

  3. Google’s August Android update patches CVE-2025-27038, an actively exploited flaw in Qualcomm GPU drivers—highlighting a critical delay in mobile security supply chains. #Android #SecurityUpdate #PatchTuesday https://t.co/YaBYYSBf4c

    @DailyDataDosee

    6 Aug 2025

    44 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Active exploitation of CVE-2025-21479, CVE-2025-27038, and CVE-21480 highlights the urgency for Android users to update devices. Qualcomm graphics flaws enable memory corruption and remote code execution. #AndroidUpdate #Qualcomm #Japan https://t.co/U55bBOj8NS

    @TweetThreatNews

    6 Aug 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🔨Googleが8月の月例パッチをリリース、悪用が確認されたQualcommの脆弱性2件などを修正(CVE-2025-21479、CVE-2025-27038他) 💻Broadcomチップ搭載のDell製PC100機種以上に複数の重大な欠陥、早急なパッチ適用を呼びか

    @MachinaRecord

    6 Aug 2025

    158 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Google's August 2025 Android security update addresses six vulnerabilities, including two Qualcomm flaws (CVE-2025-21479 and CVE-2025-27038) exploited in targeted attacks. https://t.co/rHOht4GjMG

    @securityRSS

    5 Aug 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Google, Android işletim sistemi için kritik güvenlik güncellemelerini yayınladı. Bu güncellemeler, özellikle sahada aktif olarak kötüye kullanılan iki önemli Qualcomm güvenlik açığını gideriyor. CVE-2025-21479 (CVSS puanı: 8.6) ve CVE-2025-27038 (CVSS puanı: 7

    @et2mas

    5 Aug 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Google's August 2025 Android update patches six vulnerabilities, including a Qualcomm GPU use-after-free flaw (CVE-2025-27038) exploited for remote code execution. Timely updates crucial for device security. #Android #Qualcomm #Korea https://t.co/VwHNUprRF5

    @TweetThreatNews

    5 Aug 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Google releases Android patches for six vulnerabilities in August 2025 update, including fixes for Qualcomm GPU flaws CVE-2025-21479 and CVE-2025-27038 exploited in targeted attacks. #Android #Qualcomm #Security https://t.co/nWM4PkOwVy

    @TweetThreatNews

    5 Aug 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2025-27038 (CVSS:7.5, HIGH) is Analyzed. Memory corruption while rendering graphics using Adreno GPU drivers in Chrome...https://t.co/UZxStE0qyE #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    8 Jun 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-27038 #Qualcomm Multiple Chipsets Use-After-Free Vulnerability https://t.co/oWf75beZOz

    @ScyScan

    5 Jun 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 Heads up, cybersecurity folks! CVE-2025-27038 has emerged as a high-risk threat—memory corruption involving Adreno GPU drivers in Chrome. 👾🖥️ With exploitation likely in the next 30 days, ensure your systems are up-to-date and secure now! 💪🔒 #CyberSecurity #C

    @SecAideInfo

    5 Jun 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🛡️ We added Qualcomm vulnerabilities CVE-2025-21479, CVE-2025-21480 & CVE-2025-27038—impacting multiple chipsets—to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/aEBiHHlS7W & apply mitigations to protect your org from cyberattacks. https://t.co/

    @NETFIXERTECH

    4 Jun 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Actively exploited CVE : CVE-2025-27038

    @transilienceai

    4 Jun 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. 米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログに3件の追加。クアルコムAderno GPUで修正されたCVE-2025-21479、CVE-2025-21480、CVE-2025-27038。対処期限は通常の6/24でランサムウ

    @__kokumoto

    3 Jun 2025

    714 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. 🛡️ We added Qualcomm vulnerabilities CVE-2025-21479, CVE-2025-21480 & CVE-2025-27038—impacting multiple chipsets—to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. https://t.co/

    @CISACyber

    3 Jun 2025

    5333 Impressions

    12 Retweets

    32 Likes

    2 Bookmarks

    1 Reply

    1 Quote

  17. Qualcomm fixed three zero-days exploited in limited and targeted attacks CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 —exploited in limited, targeted attacks, as reported by Google’s Android Security and Threat Analysis teams. The first two (CVSS 8.6) involve incorrect

    @dCypherIO

    3 Jun 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 Nova vulnerabilidade no Chrome! A falha CVE-2025-27038 em drivers Adreno GPU pode levar à corrupção de memória. 🛡️ Mantenha seu Chrome atualizado e pratique a navegação segura para se proteger. Saiba mais detalhes: #Chrome #Vulnerabilidade #Segurança https://t

    @fernandokarl

    3 Jun 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. ⚠️Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users Read more: https://t.co/ZwrKSRIKUS 📌CVE-2025-21479 📌CVE-2025-21480 📌CVE-2025-27038 Mobile chipmaker Qualcomm has issued urgent security patches for three critical zero-day vulnerabilitie

    @The_Cyber_News

    2 Jun 2025

    416 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. ⚠️Actualizaciones de seguridad de Qualcomm ❗CVE-2025-21479 ❗CVE-2025-21480 ❗CVE-2025-27038 ➡️Más info: https://t.co/vSdtuBR8xQ https://t.co/BaZy1EnwaJ

    @CERTpy

    2 Jun 2025

    125 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨 Qualcomm just patched 3 zero-days actively exploited in the wild—two rated CVSS 8.6. ▶ CVE-2025-21479 ▶ CVE-2025-21480 ▶ CVE-2025-27038 👀 A twist? Similar bugs were used by spyware vendors like Variston and Cy4Gate. More here: https://t.co/FtxbN7hPcs

    @TheHackersNews

    2 Jun 2025

    13501 Impressions

    69 Retweets

    142 Likes

    23 Bookmarks

    1 Reply

    1 Quote

  22. Qualcomm June 2025 Security Bulletin https://t.co/pD7SaUzvR9 "There are indications from Google TAG that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation" https://t.co/7PXRdJk1IS

    @xvonfers

    2 Jun 2025

    15390 Impressions

    9 Retweets

    38 Likes

    20 Bookmarks

    12 Replies

    2 Quotes

Configurations

References

Sources include official advisories and independent security research.