#VU110045 Use After Free in Qualcomm products - CVE-2025-27038


Published: June 2, 2025


Vulnerability identifier: #VU110045
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2025-27038
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software:
AR8031
CSRA6620
CSRA6640
FastConnect 7800
QCA2066
QCA6391
QCM6125
QCM8550
QCN9011
QCN9012
QCS6125
QCS8550
Qualcomm® Video Collaboration VC1 Platform
SM6475
SM6650
SM6650P
SM7435
SM7635
SM7635P
Smart Audio 400 Platform
Snapdragon 4 Gen 2 Mobile Platform
Snapdragon 6 Gen 1 Mobile Platform
Snapdragon 680 4G Mobile Platform
Snapdragon 685 4G Mobile Platform (SM6225-AD)
Snapdragon W5+ Gen 1 Wearable Platform
SW5100
SW5100P
WCD9335
WCD9370
WCD9375
WCD9378
WCD9385
WCD9395
WCN3950
WCN3980
WCN3988
WCN6650
WCN6740
WCN6755
WSA8810
WSA8815
WSA8830
WSA8835
WSA8832
Software vendor:
Qualcomm

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in Graphics. A remote attacker can execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.


Remediation

Install the security update from the vendor's website.

External links