SB2025060235 - Multiple vulnerabilities in Qualcomm chipsets

Description

This security bulletin contains information about 18 vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2024-53013)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Audio. A local application can read and manipulate data.

2) Untrusted Pointer Dereference (CVE-ID: CVE-2025-21486)

CWE-ID: CWE-822 - Untrusted Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.

3) Use After Free (CVE-ID: CVE-2025-27031)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Bluetooth HOST. A local application can execute arbitrary code.

4) Buffer over-read (CVE-ID: CVE-2025-27029)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN HAL. A remote attacker can perform a denial of service (DoS) attack.

5) Buffer over-read (CVE-ID: CVE-2024-53021)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in Data Network Stack & Connectivity. A remote attacker can read and manipulate data.

6) Buffer over-read (CVE-ID: CVE-2024-53020)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in Data Network Stack & Connectivity. A remote attacker can read and manipulate data.

7) Buffer over-read (CVE-ID: CVE-2024-53019)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in Data Network Stack & Connectivity. A remote attacker can read and manipulate data.

8) Improper Access Control (CVE-ID: CVE-2024-53010)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Core. A local application can execute arbitrary code.

9) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2025-21485)

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.

10) Incorrect Authorization (CVE-ID: CVE-2025-21479)

CWE-ID: CWE-863 - Incorrect Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in Graphics. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

11) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2024-53018)

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Camera Driver. A local application can read and manipulate data.

12) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2024-53017)

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Camera Driver. A local application can read and manipulate data.

13) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2024-53016)

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Camera Driver. A local application can read and manipulate data.

14) Use After Free (CVE-ID: CVE-2024-53015)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Computer Vision. A local application can read and manipulate data.

15) Buffer over-read (CVE-ID: CVE-2025-21463)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host Communication. A remote attacker can perform a denial of service (DoS) attack.

16) Buffer over-read (CVE-ID: CVE-2024-53026)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in Data Network Stack & Connectivity. A remote attacker can read and manipulate data.

17) Use After Free (CVE-ID: CVE-2025-27038)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in Graphics. A remote attacker can execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

18) Incorrect Authorization (CVE-ID: CVE-2025-21480)

CWE-ID: CWE-863 - Incorrect Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in Graphics Windows. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install update from vendor's website.

References

• https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html