Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2025-0937
Vulnerability from csaf_certbund
Published
2025-05-05 22:00
Modified
2025-05-05 22:00
Summary
Android Patchday Mai 2025: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um erhöhte Privilegien zu erlangen, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben oder andere nicht spezifizierte Angriffe auszuführen.
Betroffene Betriebssysteme
- Android
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das Android Betriebssystem ist eine quelloffene Plattform f\u00fcr mobile Ger\u00e4te. Die Basis bildet der Linux-Kernel.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um erh\u00f6hte Privilegien zu erlangen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben oder andere nicht spezifizierte Angriffe auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Android",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0937 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0937.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0937 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0937"
},
{
"category": "external",
"summary": "Android Patchday Mai 2025 vom 2025-05-05",
"url": "https://source.android.com/docs/security/bulletin/2025-05-01"
}
],
"source_lang": "en-US",
"title": "Android Patchday Mai 2025: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-05T22:00:00.000+00:00",
"generator": {
"date": "2025-05-06T08:38:45.660+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0937",
"initial_release_date": "2025-05-05T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-05T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "13 \u003c2025-05-05",
"product": {
"name": "Google Android 13 \u003c2025-05-05",
"product_id": "T043355"
}
},
{
"category": "product_version",
"name": "13 2025-05-05",
"product": {
"name": "Google Android 13 2025-05-05",
"product_id": "T043355-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:13__2025-05-05"
}
}
},
{
"category": "product_version_range",
"name": "14 \u003c2025-05-05",
"product": {
"name": "Google Android 14 \u003c2025-05-05",
"product_id": "T043356"
}
},
{
"category": "product_version",
"name": "14 2025-05-05",
"product": {
"name": "Google Android 14 2025-05-05",
"product_id": "T043356-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:14__2025-05-05"
}
}
},
{
"category": "product_version_range",
"name": "15 \u003c2025-05-05",
"product": {
"name": "Google Android 15 \u003c2025-05-05",
"product_id": "T043357"
}
},
{
"category": "product_version",
"name": "15 2025-05-05",
"product": {
"name": "Google Android 15 2025-05-05",
"product_id": "T043357-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:15__2025-05-05"
}
}
}
],
"category": "product_name",
"name": "Android"
}
],
"category": "vendor",
"name": "Google"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-21342",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2023-21342"
},
{
"cve": "CVE-2023-35657",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2023-35657"
},
{
"cve": "CVE-2024-12577",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-12577"
},
{
"cve": "CVE-2024-34739",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-34739"
},
{
"cve": "CVE-2024-45580",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-45580"
},
{
"cve": "CVE-2024-46974",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-46974"
},
{
"cve": "CVE-2024-46975",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-46975"
},
{
"cve": "CVE-2024-47891",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-47891"
},
{
"cve": "CVE-2024-47896",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-47896"
},
{
"cve": "CVE-2024-47900",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-47900"
},
{
"cve": "CVE-2024-49739",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-49739"
},
{
"cve": "CVE-2024-49835",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-49835"
},
{
"cve": "CVE-2024-49841",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-49841"
},
{
"cve": "CVE-2024-49842",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-49842"
},
{
"cve": "CVE-2024-49845",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-49845"
},
{
"cve": "CVE-2024-49846",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-49846"
},
{
"cve": "CVE-2024-49847",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-49847"
},
{
"cve": "CVE-2024-52939",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-52939"
},
{
"cve": "CVE-2025-0072",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-0072"
},
{
"cve": "CVE-2025-0077",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-0077"
},
{
"cve": "CVE-2025-0087",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-0087"
},
{
"cve": "CVE-2025-0427",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-0427"
},
{
"cve": "CVE-2025-20666",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-20666"
},
{
"cve": "CVE-2025-21453",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-21453"
},
{
"cve": "CVE-2025-21459",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-21459"
},
{
"cve": "CVE-2025-21467",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-21467"
},
{
"cve": "CVE-2025-21468",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-21468"
},
{
"cve": "CVE-2025-22425",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-22425"
},
{
"cve": "CVE-2025-26420",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26420"
},
{
"cve": "CVE-2025-26421",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26421"
},
{
"cve": "CVE-2025-26422",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26422"
},
{
"cve": "CVE-2025-26423",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26423"
},
{
"cve": "CVE-2025-26424",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26424"
},
{
"cve": "CVE-2025-26425",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26425"
},
{
"cve": "CVE-2025-26426",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26426"
},
{
"cve": "CVE-2025-26427",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26427"
},
{
"cve": "CVE-2025-26428",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26428"
},
{
"cve": "CVE-2025-26429",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26429"
},
{
"cve": "CVE-2025-26430",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26430"
},
{
"cve": "CVE-2025-26435",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26435"
},
{
"cve": "CVE-2025-26436",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26436"
},
{
"cve": "CVE-2025-26438",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26438"
},
{
"cve": "CVE-2025-26440",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26440"
},
{
"cve": "CVE-2025-26442",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26442"
},
{
"cve": "CVE-2025-26444",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-26444"
},
{
"cve": "CVE-2025-27363",
"product_status": {
"known_affected": [
"T043355",
"T043356",
"T043357"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-27363"
}
]
}
CVE-2025-27363 (GCVE-0-2025-27363)
Vulnerability from cvelistv5
Published
2025-03-11 13:28
Modified
2025-07-30 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out-of-bounds Write (CWE-787)
Summary
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27363",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T03:55:53.843762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-05-06",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27363"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:36:18.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://source.android.com/docs/security/bulletin/2025-05-01"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-06T00:00:00+00:00",
"value": "CVE-2025-27363 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-06T22:02:53.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/13/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/13/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/13/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/13/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/13/11"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/13/12"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/14/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/14/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/14/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/14/4"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00030.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/06/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FreeType",
"vendor": "FreeType",
"versions": [
{
"lessThanOrEqual": "2.13.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2025-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T12:54:55.748Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-27363"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-27363",
"datePublished": "2025-03-11T13:28:31.705Z",
"dateReserved": "2025-02-21T19:53:14.160Z",
"dateUpdated": "2025-07-30T01:36:18.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49846 (GCVE-0-2024-49846)
Vulnerability from cvelistv5
Published
2025-05-06 08:32
Modified
2025-05-06 15:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-126 - Buffer Over-read
Summary
Memory corruption while decoding of OTA messages from T3448 IE.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: AR8035 Version: FastConnect 7800 Version: QCA6574AU Version: QCA6595AU Version: QCA6678AQ Version: QCA6688AQ Version: QCA6698AQ Version: QCA8081 Version: QCA8337 Version: QCC710 Version: QCN6224 Version: QCN6274 Version: QFW7114 Version: QFW7124 Version: SDX80M Version: SM8750 Version: SM8750P Version: Snapdragon Auto 5G Modem-RF Gen 2 Version: Snapdragon W5+ Gen 1 Wearable Platform Version: Snapdragon X72 5G Modem-RF System Version: Snapdragon X75 5G Modem-RF System Version: SW5100 Version: SW5100P Version: WCD9340 Version: WCD9395 Version: WSA8830 Version: WSA8832 Version: WSA8835 Version: WSA8840 Version: WSA8845 Version: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T15:48:05.747218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T15:52:55.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon MDM",
"Snapdragon Mobile",
"Snapdragon WBC",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6678AQ"
},
{
"status": "affected",
"version": "QCA6688AQ"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "SDX80M"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF Gen 2"
},
{
"status": "affected",
"version": "Snapdragon W5+ Gen 1 Wearable Platform"
},
{
"status": "affected",
"version": "Snapdragon X72 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while decoding of OTA messages from T3448 IE."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T08:32:23.580Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html"
}
],
"title": "Buffer Over-read in Multi-Mode Call Processor"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2024-49846",
"datePublished": "2025-05-06T08:32:23.580Z",
"dateReserved": "2024-10-20T17:18:43.218Z",
"dateUpdated": "2025-05-06T15:52:55.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49845 (GCVE-0-2024-49845)
Vulnerability from cvelistv5
Published
2025-05-06 08:32
Modified
2025-05-07 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Memory corruption during the FRS UDS generation process.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: AR8035 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6800 Version: FastConnect 6900 Version: FastConnect 7800 Version: QAM8255P Version: QAM8295P Version: QAM8620P Version: QAM8650P Version: QAM8775P Version: QAMSRV1H Version: QAMSRV1M Version: QCA6174A Version: QCA6391 Version: QCA6421 Version: QCA6426 Version: QCA6431 Version: QCA6436 Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6678AQ Version: QCA6688AQ Version: QCA6696 Version: QCA6698AQ Version: QCA6797AQ Version: QCA8081 Version: QCA8337 Version: QCC710 Version: QCM5430 Version: QCM6490 Version: QCM8550 Version: QCN6224 Version: QCN6274 Version: QCN9274 Version: QCS5430 Version: QCS615 Version: QCS6490 Version: QCS8300 Version: QCS8550 Version: QCS9100 Version: QDU1000 Version: QDU1010 Version: QDU1110 Version: QDU1210 Version: QDX1010 Version: QDX1011 Version: QEP8111 Version: QFW7114 Version: QFW7124 Version: QMP1000 Version: QRU1032 Version: QRU1052 Version: QRU1062 Version: QSM8350 Version: Qualcomm Video Collaboration VC3 Platform Version: SA6145P Version: SA6150P Version: SA6155P Version: SA7255P Version: SA7775P Version: SA8145P Version: SA8150P Version: SA8155P Version: SA8195P Version: SA8255P Version: SA8295P Version: SA8530P Version: SA8540P Version: SA8620P Version: SA8650P Version: SA8770P Version: SA8775P Version: SA9000P Version: SC8380XP Version: SD 8 Gen1 5G Version: SD865 5G Version: SM4635 Version: SM6650 Version: SM6650P Version: SM7250P Version: SM7635 Version: SM7675 Version: SM7675P Version: SM8635 Version: SM8635P Version: SM8650Q Version: SM8735 Version: SM8750 Version: SM8750P Version: Snapdragon 765 5G Mobile Platform (SM7250-AA) Version: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Version: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8 Gen 3 Mobile Platform Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon 888 5G Mobile Platform Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Version: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) Version: Snapdragon AR1 Gen 1 Platform Version: Snapdragon AR1 Gen 1 Platform "Luna1" Version: Snapdragon Auto 5G Modem-RF Gen 2 Version: Snapdragon X32 5G Modem-RF System Version: Snapdragon X35 5G Modem-RF System Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon X62 5G Modem-RF System Version: Snapdragon X65 5G Modem-RF System Version: Snapdragon X72 5G Modem-RF System Version: Snapdragon X75 5G Modem-RF System Version: Snapdragon XR2 5G Platform Version: SRV1H Version: SRV1L Version: SRV1M Version: SXR2130 Version: SXR2330P Version: WCD9340 Version: WCD9370 Version: WCD9375 Version: WCD9378 Version: WCD9380 Version: WCD9385 Version: WCD9390 Version: WCD9395 Version: WCN3950 Version: WCN3988 Version: WCN6450 Version: WCN6650 Version: WCN6755 Version: WCN7750 Version: WCN7860 Version: WCN7861 Version: WCN7880 Version: WCN7881 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 Version: WSA8840 Version: WSA8845 Version: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T03:55:29.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon Technology",
"Snapdragon WBC"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6800"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QAM8255P"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QAM8620P"
},
{
"status": "affected",
"version": "QAM8650P"
},
{
"status": "affected",
"version": "QAM8775P"
},
{
"status": "affected",
"version": "QAMSRV1H"
},
{
"status": "affected",
"version": "QAMSRV1M"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6421"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6431"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6678AQ"
},
{
"status": "affected",
"version": "QCA6688AQ"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA6797AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCM8550"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QCN9274"
},
{
"status": "affected",
"version": "QCS5430"
},
{
"status": "affected",
"version": "QCS615"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS8300"
},
{
"status": "affected",
"version": "QCS8550"
},
{
"status": "affected",
"version": "QCS9100"
},
{
"status": "affected",
"version": "QDU1000"
},
{
"status": "affected",
"version": "QDU1010"
},
{
"status": "affected",
"version": "QDU1110"
},
{
"status": "affected",
"version": "QDU1210"
},
{
"status": "affected",
"version": "QDX1010"
},
{
"status": "affected",
"version": "QDX1011"
},
{
"status": "affected",
"version": "QEP8111"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "QMP1000"
},
{
"status": "affected",
"version": "QRU1032"
},
{
"status": "affected",
"version": "QRU1052"
},
{
"status": "affected",
"version": "QRU1062"
},
{
"status": "affected",
"version": "QSM8350"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA7255P"
},
{
"status": "affected",
"version": "SA7775P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8255P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SA8530P"
},
{
"status": "affected",
"version": "SA8540P"
},
{
"status": "affected",
"version": "SA8620P"
},
{
"status": "affected",
"version": "SA8650P"
},
{
"status": "affected",
"version": "SA8770P"
},
{
"status": "affected",
"version": "SA8775P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SM4635"
},
{
"status": "affected",
"version": "SM6650"
},
{
"status": "affected",
"version": "SM6650P"
},
{
"status": "affected",
"version": "SM7250P"
},
{
"status": "affected",
"version": "SM7635"
},
{
"status": "affected",
"version": "SM7675"
},
{
"status": "affected",
"version": "SM7675P"
},
{
"status": "affected",
"version": "SM8635"
},
{
"status": "affected",
"version": "SM8635P"
},
{
"status": "affected",
"version": "SM8650Q"
},
{
"status": "affected",
"version": "SM8735"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)"
},
{
"status": "affected",
"version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 865 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 888 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF Gen 2"
},
{
"status": "affected",
"version": "Snapdragon X32 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X35 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X55 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X62 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X65 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X72 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon XR2 5G Platform"
},
{
"status": "affected",
"version": "SRV1H"
},
{
"status": "affected",
"version": "SRV1L"
},
{
"status": "affected",
"version": "SRV1M"
},
{
"status": "affected",
"version": "SXR2130"
},
{
"status": "affected",
"version": "SXR2330P"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN6450"
},
{
"status": "affected",
"version": "WCN6650"
},
{
"status": "affected",
"version": "WCN6755"
},
{
"status": "affected",
"version": "WCN7750"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption during the FRS UDS generation process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T08:32:22.347Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html"
}
],
"title": "Improper Input Validation in HLOS"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2024-49845",
"datePublished": "2025-05-06T08:32:22.347Z",
"dateReserved": "2024-10-20T17:18:43.217Z",
"dateUpdated": "2025-05-07T03:55:29.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46975 (GCVE-0-2024-46975)
Vulnerability from cvelistv5
Published
2025-02-22 14:44
Modified
2025-02-24 16:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-270 - CWE - Privilege Context Switching Error (4.16)
Summary
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest's virtualised GPU memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Imagination Technologies | Graphics DDK |
Version: 1.15 RTM < Patch: 25.1 RTM |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-46975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T16:20:08.189873Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T16:22:17.595Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Linux",
"Android"
],
"product": "Graphics DDK",
"vendor": "Imagination Technologies",
"versions": [
{
"lessThanOrEqual": "24.3 RTM",
"status": "affected",
"version": "1.15 RTM",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "25.1 RTM",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eKernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest\u0027s virtualised GPU memory.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest\u0027s virtualised GPU memory."
}
],
"impacts": [
{
"capecId": "CAPEC-480",
"descriptions": [
{
"lang": "en",
"value": "CAPEC - CAPEC-480: Escaping Virtualization (Version 3.9)"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-270",
"description": "CWE - CWE-270: Privilege Context Switching Error (4.16)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-22T14:44:25.177Z",
"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"shortName": "imaginationtech"
},
"references": [
{
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GPU DDK - rgxfw_write_robustness_buffer allows arbitrary catreg set mapping",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"assignerShortName": "imaginationtech",
"cveId": "CVE-2024-46975",
"datePublished": "2025-02-22T14:44:25.177Z",
"dateReserved": "2024-09-16T13:20:45.924Z",
"dateUpdated": "2025-02-24T16:22:17.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47900 (GCVE-0-2024-47900)
Vulnerability from cvelistv5
Published
2025-01-31 03:19
Modified
2025-03-14 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-823 - Use of Out-of-range Pointer Offset
Summary
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Imagination Technologies | Graphics DDK |
Version: 1.15 RTM < Patch: 25.1 RTM |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T16:28:38.746021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T15:20:10.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Linux",
"Android"
],
"product": "Graphics DDK",
"vendor": "Imagination Technologies",
"versions": [
{
"lessThanOrEqual": "24.3 RTM2",
"status": "affected",
"version": "1.15 RTM",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "25.1 RTM",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.\u003cbr\u003e"
}
],
"value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129: Pointer Manipulation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE-823: Use of Out-of-range Pointer Offset",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T03:19:33.603Z",
"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"shortName": "imaginationtech"
},
"references": [
{
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GPU DDK - Multiple integer overflow in DmaTransfer PMR_DevPhysAddr functions leading to OOB writes",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"assignerShortName": "imaginationtech",
"cveId": "CVE-2024-47900",
"datePublished": "2025-01-31T03:19:33.603Z",
"dateReserved": "2024-10-04T16:08:49.939Z",
"dateUpdated": "2025-03-14T15:20:10.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49841 (GCVE-0-2024-49841)
Vulnerability from cvelistv5
Published
2025-05-06 08:32
Modified
2025-05-07 18:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-390 - Detection of Error Condition Without Action
Summary
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: AQT1000 Version: AR8035 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6800 Version: FastConnect 6900 Version: FastConnect 7800 Version: QAM8255P Version: QAM8295P Version: QAM8620P Version: QAM8650P Version: QAM8775P Version: QAMSRV1H Version: QAMSRV1M Version: QCA6174A Version: QCA6310 Version: QCA6335 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6678AQ Version: QCA6688AQ Version: QCA6696 Version: QCA6698AQ Version: QCA6797AQ Version: QCA8081 Version: QCA8337 Version: QCA9377 Version: QCC710 Version: QCM5430 Version: QCM6490 Version: QCM8550 Version: QCN6224 Version: QCN6274 Version: QCN9274 Version: QCS5430 Version: QCS6490 Version: QCS8300 Version: QCS8550 Version: QCS9100 Version: QDU1000 Version: QDU1010 Version: QDU1110 Version: QDU1210 Version: QDX1010 Version: QDX1011 Version: QEP8111 Version: QFW7114 Version: QFW7124 Version: QMP1000 Version: QRU1032 Version: QRU1052 Version: QRU1062 Version: QSM8350 Version: Qualcomm Video Collaboration VC3 Platform Version: Robotics RB3 Platform Version: SA6145P Version: SA6155 Version: SA6155P Version: SA7255P Version: SA7775P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8255P Version: SA8295P Version: SA8540P Version: SA8620P Version: SA8650P Version: SA8770P Version: SA8775P Version: SA9000P Version: SC8380XP Version: SD 675 Version: SD 8 Gen1 5G Version: SD 8CX Version: SD670 Version: SD675 Version: SD855 Version: SD865 5G Version: SDX55 Version: SDX57M Version: SDX80M Version: SM7250P Version: SM8735 Version: SM8750 Version: SM8750P Version: Snapdragon 670 Mobile Platform Version: Snapdragon 675 Mobile Platform Version: Snapdragon 678 Mobile Platform (SM6150-AC) Version: Snapdragon 765 5G Mobile Platform (SM7250-AA) Version: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Version: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8 Gen 3 Mobile Platform Version: Snapdragon 845 Mobile Platform Version: Snapdragon 850 Mobile Compute Platform Version: Snapdragon 855 Mobile Platform Version: Snapdragon 855+/860 Mobile Platform (SM8150-AC) Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon 888 5G Mobile Platform Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Version: Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite" Version: Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" Version: Snapdragon 8cx Compute Platform (SC8180X-AA, AB) Version: Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro" Version: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro" Version: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB) Version: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) Version: Snapdragon AR1 Gen 1 Platform Version: Snapdragon AR1 Gen 1 Platform "Luna1" Version: Snapdragon AR2 Gen 1 Platform Version: Snapdragon Auto 5G Modem-RF Gen 2 Version: Snapdragon X24 LTE Modem Version: Snapdragon X32 5G Modem-RF System Version: Snapdragon X35 5G Modem-RF System Version: Snapdragon X50 5G Modem-RF System Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon X62 5G Modem-RF System Version: Snapdragon X65 5G Modem-RF System Version: Snapdragon X72 5G Modem-RF System Version: Snapdragon X75 5G Modem-RF System Version: Snapdragon XR2 5G Platform Version: SRV1H Version: SRV1L Version: SRV1M Version: SSG2115P Version: SSG2125P Version: SXR1230P Version: SXR2130 Version: SXR2330P Version: Vision Intelligence 300 Platform Version: Vision Intelligence 400 Platform Version: WCD9326 Version: WCD9340 Version: WCD9341 Version: WCD9370 Version: WCD9375 Version: WCD9378 Version: WCD9380 Version: WCD9385 Version: WCD9390 Version: WCD9395 Version: WCN3950 Version: WCN3980 Version: WCN3990 Version: WCN7750 Version: WCN7860 Version: WCN7861 Version: WCN7880 Version: WCN7881 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 Version: WSA8840 Version: WSA8845 Version: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T03:55:34.813937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T18:54:32.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon MDM",
"Snapdragon Mobile",
"Snapdragon Technology"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6800"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QAM8255P"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QAM8620P"
},
{
"status": "affected",
"version": "QAM8650P"
},
{
"status": "affected",
"version": "QAM8775P"
},
{
"status": "affected",
"version": "QAMSRV1H"
},
{
"status": "affected",
"version": "QAMSRV1M"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6310"
},
{
"status": "affected",
"version": "QCA6335"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6421"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6431"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6678AQ"
},
{
"status": "affected",
"version": "QCA6688AQ"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA6797AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCA9377"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCM8550"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QCN9274"
},
{
"status": "affected",
"version": "QCS5430"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS8300"
},
{
"status": "affected",
"version": "QCS8550"
},
{
"status": "affected",
"version": "QCS9100"
},
{
"status": "affected",
"version": "QDU1000"
},
{
"status": "affected",
"version": "QDU1010"
},
{
"status": "affected",
"version": "QDU1110"
},
{
"status": "affected",
"version": "QDU1210"
},
{
"status": "affected",
"version": "QDX1010"
},
{
"status": "affected",
"version": "QDX1011"
},
{
"status": "affected",
"version": "QEP8111"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "QMP1000"
},
{
"status": "affected",
"version": "QRU1032"
},
{
"status": "affected",
"version": "QRU1052"
},
{
"status": "affected",
"version": "QRU1062"
},
{
"status": "affected",
"version": "QSM8350"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "Robotics RB3 Platform"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6155"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA7255P"
},
{
"status": "affected",
"version": "SA7775P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8255P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SA8540P"
},
{
"status": "affected",
"version": "SA8620P"
},
{
"status": "affected",
"version": "SA8650P"
},
{
"status": "affected",
"version": "SA8770P"
},
{
"status": "affected",
"version": "SA8775P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "SD 675"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD 8CX"
},
{
"status": "affected",
"version": "SD670"
},
{
"status": "affected",
"version": "SD675"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SDX57M"
},
{
"status": "affected",
"version": "SDX80M"
},
{
"status": "affected",
"version": "SM7250P"
},
{
"status": "affected",
"version": "SM8735"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Snapdragon 670 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 675 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 678 Mobile Platform (SM6150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)"
},
{
"status": "affected",
"version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 845 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 850 Mobile Compute Platform"
},
{
"status": "affected",
"version": "Snapdragon 855 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 865 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 888 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
},
{
"status": "affected",
"version": "Snapdragon 8c Compute Platform (SC8180X-AD) \"Poipu Lite\""
},
{
"status": "affected",
"version": "Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Compute Platform (SC8180X-AA, AB)"
},
{
"status": "affected",
"version": "Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) \"Poipu Pro\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) \"Poipu Pro\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)"
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
},
{
"status": "affected",
"version": "Snapdragon AR2 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF Gen 2"
},
{
"status": "affected",
"version": "Snapdragon X24 LTE Modem"
},
{
"status": "affected",
"version": "Snapdragon X32 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X35 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X50 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X55 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X62 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X65 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X72 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon XR2 5G Platform"
},
{
"status": "affected",
"version": "SRV1H"
},
{
"status": "affected",
"version": "SRV1L"
},
{
"status": "affected",
"version": "SRV1M"
},
{
"status": "affected",
"version": "SSG2115P"
},
{
"status": "affected",
"version": "SSG2125P"
},
{
"status": "affected",
"version": "SXR1230P"
},
{
"status": "affected",
"version": "SXR2130"
},
{
"status": "affected",
"version": "SXR2330P"
},
{
"status": "affected",
"version": "Vision Intelligence 300 Platform"
},
{
"status": "affected",
"version": "Vision Intelligence 400 Platform"
},
{
"status": "affected",
"version": "WCD9326"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WCN7750"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-390",
"description": "CWE-390 Detection of Error Condition Without Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T08:32:18.628Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html"
}
],
"title": "Detection of Error Condition Without Action in Hypervisor"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2024-49841",
"datePublished": "2025-05-06T08:32:18.628Z",
"dateReserved": "2024-10-20T17:18:43.216Z",
"dateUpdated": "2025-05-07T18:54:32.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21468 (GCVE-0-2025-21468)
Vulnerability from cvelistv5
Published
2025-05-06 08:32
Modified
2025-05-07 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: AR8035 Version: CSRA6620 Version: CSRA6640 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6900 Version: FastConnect 7800 Version: Flight RB5 5G Platform Version: MDM9628 Version: QAM8295P Version: QCA6174A Version: QCA6391 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6595 Version: QCA6595AU Version: QCA6696 Version: QCA6698AQ Version: QCA8081 Version: QCA8337 Version: QCA9377 Version: QCM4490 Version: QCM5430 Version: QCM6490 Version: QCM8550 Version: QCN6024 Version: QCN9011 Version: QCN9012 Version: QCN9024 Version: QCN9274 Version: QCS410 Version: QCS4490 Version: QCS5430 Version: QCS610 Version: QCS615 Version: QCS6490 Version: QCS7230 Version: QCS8250 Version: QCS8300 Version: QCS8550 Version: QCS9100 Version: QMP1000 Version: QRB5165M Version: QRB5165N Version: QSM8350 Version: Qualcomm Video Collaboration VC1 Platform Version: Qualcomm Video Collaboration VC3 Platform Version: Qualcomm Video Collaboration VC5 Platform Version: Robotics RB2 Platform Version: Robotics RB5 Platform Version: SA4150P Version: SA4155P Version: SA6145P Version: SA6150P Version: SA6155P Version: SA8145P Version: SA8150P Version: SA8155P Version: SA8195P Version: SA8295P Version: SA8530P Version: SA8540P Version: SA9000P Version: SD 8 Gen1 5G Version: SD888 Version: SDX61 Version: SG8275P Version: SM6370 Version: SM6650 Version: SM6650P Version: SM7315 Version: SM7325P Version: SM7635 Version: SM7675 Version: SM7675P Version: SM8550P Version: SM8635 Version: SM8635P Version: SM8650Q Version: SM8735 Version: SM8750 Version: SM8750P Version: Smart Audio 400 Platform Version: Snapdragon 4 Gen 1 Mobile Platform Version: Snapdragon 4 Gen 2 Mobile Platform Version: Snapdragon 480 5G Mobile Platform Version: Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Version: Snapdragon 695 5G Mobile Platform Version: Snapdragon 778G 5G Mobile Platform Version: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Version: Snapdragon 780G 5G Mobile Platform Version: Snapdragon 782G Mobile Platform (SM7325-AF) Version: Snapdragon 7c+ Gen 3 Compute Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8 Gen 2 Mobile Platform Version: Snapdragon 8 Gen 3 Mobile Platform Version: Snapdragon 8+ Gen 1 Mobile Platform Version: Snapdragon 8+ Gen 2 Mobile Platform Version: Snapdragon 888 5G Mobile Platform Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Version: Snapdragon AR1 Gen 1 Platform Version: Snapdragon AR1 Gen 1 Platform "Luna1" Version: Snapdragon AR2 Gen 1 Platform Version: Snapdragon Auto 5G Modem-RF Version: Snapdragon W5+ Gen 1 Wearable Platform Version: Snapdragon X12 LTE Modem Version: Snapdragon X62 5G Modem-RF System Version: Snapdragon X65 5G Modem-RF System Version: SSG2115P Version: SSG2125P Version: SW5100 Version: SW5100P Version: SXR1230P Version: SXR2230P Version: SXR2250P Version: SXR2330P Version: TalynPlus Version: Vision Intelligence 400 Platform Version: WCD9335 Version: WCD9341 Version: WCD9370 Version: WCD9375 Version: WCD9378 Version: WCD9380 Version: WCD9385 Version: WCD9390 Version: WCD9395 Version: WCN3910 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN6450 Version: WCN6650 Version: WCN6740 Version: WCN6755 Version: WCN7750 Version: WCN7860 Version: WCN7861 Version: WCN7880 Version: WCN7881 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 Version: WSA8840 Version: WSA8845 Version: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T03:55:23.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon CCW",
"Snapdragon Compute",
"Snapdragon Connectivity",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon WBC",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "CSRA6620"
},
{
"status": "affected",
"version": "CSRA6640"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "Flight RB5 5G Platform"
},
{
"status": "affected",
"version": "MDM9628"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCA9377"
},
{
"status": "affected",
"version": "QCM4490"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCM8550"
},
{
"status": "affected",
"version": "QCN6024"
},
{
"status": "affected",
"version": "QCN9011"
},
{
"status": "affected",
"version": "QCN9012"
},
{
"status": "affected",
"version": "QCN9024"
},
{
"status": "affected",
"version": "QCN9274"
},
{
"status": "affected",
"version": "QCS410"
},
{
"status": "affected",
"version": "QCS4490"
},
{
"status": "affected",
"version": "QCS5430"
},
{
"status": "affected",
"version": "QCS610"
},
{
"status": "affected",
"version": "QCS615"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS7230"
},
{
"status": "affected",
"version": "QCS8250"
},
{
"status": "affected",
"version": "QCS8300"
},
{
"status": "affected",
"version": "QCS8550"
},
{
"status": "affected",
"version": "QCS9100"
},
{
"status": "affected",
"version": "QMP1000"
},
{
"status": "affected",
"version": "QRB5165M"
},
{
"status": "affected",
"version": "QRB5165N"
},
{
"status": "affected",
"version": "QSM8350"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC1 Platform"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC5 Platform"
},
{
"status": "affected",
"version": "Robotics RB2 Platform"
},
{
"status": "affected",
"version": "Robotics RB5 Platform"
},
{
"status": "affected",
"version": "SA4150P"
},
{
"status": "affected",
"version": "SA4155P"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SA8530P"
},
{
"status": "affected",
"version": "SA8540P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD888"
},
{
"status": "affected",
"version": "SDX61"
},
{
"status": "affected",
"version": "SG8275P"
},
{
"status": "affected",
"version": "SM6370"
},
{
"status": "affected",
"version": "SM6650"
},
{
"status": "affected",
"version": "SM6650P"
},
{
"status": "affected",
"version": "SM7315"
},
{
"status": "affected",
"version": "SM7325P"
},
{
"status": "affected",
"version": "SM7635"
},
{
"status": "affected",
"version": "SM7675"
},
{
"status": "affected",
"version": "SM7675P"
},
{
"status": "affected",
"version": "SM8550P"
},
{
"status": "affected",
"version": "SM8635"
},
{
"status": "affected",
"version": "SM8635P"
},
{
"status": "affected",
"version": "SM8650Q"
},
{
"status": "affected",
"version": "SM8735"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Smart Audio 400 Platform"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 480 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)"
},
{
"status": "affected",
"version": "Snapdragon 695 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 778G 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)"
},
{
"status": "affected",
"version": "Snapdragon 780G 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 782G Mobile Platform (SM7325-AF)"
},
{
"status": "affected",
"version": "Snapdragon 7c+ Gen 3 Compute"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8+ Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8+ Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 888 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
},
{
"status": "affected",
"version": "Snapdragon AR2 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF"
},
{
"status": "affected",
"version": "Snapdragon W5+ Gen 1 Wearable Platform"
},
{
"status": "affected",
"version": "Snapdragon X12 LTE Modem"
},
{
"status": "affected",
"version": "Snapdragon X62 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X65 5G Modem-RF System"
},
{
"status": "affected",
"version": "SSG2115P"
},
{
"status": "affected",
"version": "SSG2125P"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "SXR1230P"
},
{
"status": "affected",
"version": "SXR2230P"
},
{
"status": "affected",
"version": "SXR2250P"
},
{
"status": "affected",
"version": "SXR2330P"
},
{
"status": "affected",
"version": "TalynPlus"
},
{
"status": "affected",
"version": "Vision Intelligence 400 Platform"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3910"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WCN6450"
},
{
"status": "affected",
"version": "WCN6650"
},
{
"status": "affected",
"version": "WCN6740"
},
{
"status": "affected",
"version": "WCN6755"
},
{
"status": "affected",
"version": "WCN7750"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T08:32:32.919Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html"
}
],
"title": "Out-of-bounds Write in Computer Vision"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2025-21468",
"datePublished": "2025-05-06T08:32:32.919Z",
"dateReserved": "2024-12-18T09:50:08.927Z",
"dateUpdated": "2025-05-07T03:55:23.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21342 (GCVE-0-2023-21342)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Speech, there is a possible way to bypass background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "android",
"vendor": "google",
"versions": [
{
"lessThan": "14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:00:54.743362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:05:01.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Speech, there is a possible way to bypass background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:24.136Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21342",
"datePublished": "2023-10-30T16:56:35.319Z",
"dateReserved": "2022-11-03T22:37:50.661Z",
"dateUpdated": "2024-09-06T20:05:01.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49842 (GCVE-0-2024-49842)
Vulnerability from cvelistv5
Published
2025-05-06 08:32
Modified
2025-05-07 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: AQT1000 Version: AR8035 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6800 Version: FastConnect 6900 Version: FastConnect 7800 Version: QAM8255P Version: QAM8295P Version: QAM8620P Version: QAM8650P Version: QAM8775P Version: QAMSRV1H Version: QAMSRV1M Version: QCA6174A Version: QCA6310 Version: QCA6335 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6678AQ Version: QCA6688AQ Version: QCA6696 Version: QCA6698AQ Version: QCA6797AQ Version: QCA8081 Version: QCA8337 Version: QCA9377 Version: QCC710 Version: QCM5430 Version: QCM6490 Version: QCM8550 Version: QCN6224 Version: QCN6274 Version: QCN9274 Version: QCS5430 Version: QCS6490 Version: QCS8300 Version: QCS8550 Version: QCS9100 Version: QDU1000 Version: QDU1010 Version: QDU1110 Version: QDU1210 Version: QDX1010 Version: QDX1011 Version: QEP8111 Version: QFW7114 Version: QFW7124 Version: QMP1000 Version: QRU1032 Version: QRU1052 Version: QRU1062 Version: QSM8350 Version: Qualcomm Video Collaboration VC3 Platform Version: Robotics RB3 Platform Version: SA6145P Version: SA6155 Version: SA6155P Version: SA7255P Version: SA7775P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8255P Version: SA8295P Version: SA8540P Version: SA8620P Version: SA8650P Version: SA8770P Version: SA8775P Version: SA9000P Version: SC8380XP Version: SD 675 Version: SD 8 Gen1 5G Version: SD 8CX Version: SD670 Version: SD675 Version: SD855 Version: SD865 5G Version: SDM429W Version: SDX55 Version: SDX57M Version: SDX80M Version: SM7250P Version: SM8735 Version: SM8750 Version: SM8750P Version: Snapdragon 429 Mobile Platform Version: Snapdragon 670 Mobile Platform Version: Snapdragon 675 Mobile Platform Version: Snapdragon 678 Mobile Platform (SM6150-AC) Version: Snapdragon 765 5G Mobile Platform (SM7250-AA) Version: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Version: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8 Gen 3 Mobile Platform Version: Snapdragon 845 Mobile Platform Version: Snapdragon 850 Mobile Compute Platform Version: Snapdragon 855 Mobile Platform Version: Snapdragon 855+/860 Mobile Platform (SM8150-AC) Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon 888 5G Mobile Platform Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Version: Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite" Version: Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" Version: Snapdragon 8cx Compute Platform (SC8180X-AA, AB) Version: Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro" Version: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro" Version: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB) Version: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) Version: Snapdragon AR1 Gen 1 Platform Version: Snapdragon AR1 Gen 1 Platform "Luna1" Version: Snapdragon AR2 Gen 1 Platform Version: Snapdragon Auto 5G Modem-RF Gen 2 Version: Snapdragon Wear 4100+ Platform Version: Snapdragon X24 LTE Modem Version: Snapdragon X32 5G Modem-RF System Version: Snapdragon X35 5G Modem-RF System Version: Snapdragon X50 5G Modem-RF System Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon X62 5G Modem-RF System Version: Snapdragon X65 5G Modem-RF System Version: Snapdragon X72 5G Modem-RF System Version: Snapdragon X75 5G Modem-RF System Version: Snapdragon XR2 5G Platform Version: SRV1H Version: SRV1L Version: SRV1M Version: SSG2115P Version: SSG2125P Version: SXR1230P Version: SXR2130 Version: SXR2330P Version: Vision Intelligence 300 Platform Version: Vision Intelligence 400 Platform Version: WCD9326 Version: WCD9340 Version: WCD9341 Version: WCD9370 Version: WCD9375 Version: WCD9378 Version: WCD9380 Version: WCD9385 Version: WCD9390 Version: WCD9395 Version: WCN3620 Version: WCN3660B Version: WCN3680B Version: WCN3950 Version: WCN3980 Version: WCN3990 Version: WCN7750 Version: WCN7860 Version: WCN7861 Version: WCN7880 Version: WCN7881 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 Version: WSA8840 Version: WSA8845 Version: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49842",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T03:55:32.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon MDM",
"Snapdragon Mobile",
"Snapdragon Technology",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6800"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QAM8255P"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QAM8620P"
},
{
"status": "affected",
"version": "QAM8650P"
},
{
"status": "affected",
"version": "QAM8775P"
},
{
"status": "affected",
"version": "QAMSRV1H"
},
{
"status": "affected",
"version": "QAMSRV1M"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6310"
},
{
"status": "affected",
"version": "QCA6335"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6421"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6431"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6678AQ"
},
{
"status": "affected",
"version": "QCA6688AQ"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA6797AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCA9377"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCM8550"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QCN9274"
},
{
"status": "affected",
"version": "QCS5430"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS8300"
},
{
"status": "affected",
"version": "QCS8550"
},
{
"status": "affected",
"version": "QCS9100"
},
{
"status": "affected",
"version": "QDU1000"
},
{
"status": "affected",
"version": "QDU1010"
},
{
"status": "affected",
"version": "QDU1110"
},
{
"status": "affected",
"version": "QDU1210"
},
{
"status": "affected",
"version": "QDX1010"
},
{
"status": "affected",
"version": "QDX1011"
},
{
"status": "affected",
"version": "QEP8111"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "QMP1000"
},
{
"status": "affected",
"version": "QRU1032"
},
{
"status": "affected",
"version": "QRU1052"
},
{
"status": "affected",
"version": "QRU1062"
},
{
"status": "affected",
"version": "QSM8350"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "Robotics RB3 Platform"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6155"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA7255P"
},
{
"status": "affected",
"version": "SA7775P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8255P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SA8540P"
},
{
"status": "affected",
"version": "SA8620P"
},
{
"status": "affected",
"version": "SA8650P"
},
{
"status": "affected",
"version": "SA8770P"
},
{
"status": "affected",
"version": "SA8775P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "SD 675"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD 8CX"
},
{
"status": "affected",
"version": "SD670"
},
{
"status": "affected",
"version": "SD675"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SDM429W"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SDX57M"
},
{
"status": "affected",
"version": "SDX80M"
},
{
"status": "affected",
"version": "SM7250P"
},
{
"status": "affected",
"version": "SM8735"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Snapdragon 429 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 670 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 675 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 678 Mobile Platform (SM6150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)"
},
{
"status": "affected",
"version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 845 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 850 Mobile Compute Platform"
},
{
"status": "affected",
"version": "Snapdragon 855 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 865 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 888 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
},
{
"status": "affected",
"version": "Snapdragon 8c Compute Platform (SC8180X-AD) \"Poipu Lite\""
},
{
"status": "affected",
"version": "Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Compute Platform (SC8180X-AA, AB)"
},
{
"status": "affected",
"version": "Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) \"Poipu Pro\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) \"Poipu Pro\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)"
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
},
{
"status": "affected",
"version": "Snapdragon AR2 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF Gen 2"
},
{
"status": "affected",
"version": "Snapdragon Wear 4100+ Platform"
},
{
"status": "affected",
"version": "Snapdragon X24 LTE Modem"
},
{
"status": "affected",
"version": "Snapdragon X32 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X35 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X50 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X55 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X62 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X65 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X72 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon XR2 5G Platform"
},
{
"status": "affected",
"version": "SRV1H"
},
{
"status": "affected",
"version": "SRV1L"
},
{
"status": "affected",
"version": "SRV1M"
},
{
"status": "affected",
"version": "SSG2115P"
},
{
"status": "affected",
"version": "SSG2125P"
},
{
"status": "affected",
"version": "SXR1230P"
},
{
"status": "affected",
"version": "SXR2130"
},
{
"status": "affected",
"version": "SXR2330P"
},
{
"status": "affected",
"version": "Vision Intelligence 300 Platform"
},
{
"status": "affected",
"version": "Vision Intelligence 400 Platform"
},
{
"status": "affected",
"version": "WCD9326"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3620"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WCN7750"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T08:32:19.898Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html"
}
],
"title": "Improper Access Control in Hypervisor"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2024-49842",
"datePublished": "2025-05-06T08:32:19.898Z",
"dateReserved": "2024-10-20T17:18:43.217Z",
"dateUpdated": "2025-05-07T03:55:32.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49847 (GCVE-0-2024-49847)
Vulnerability from cvelistv5
Published
2025-05-06 08:32
Modified
2025-05-06 16:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-126 - Buffer Over-read
Summary
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: AR8035 Version: FastConnect 7800 Version: QCA6574AU Version: QCA6584AU Version: QCA6595AU Version: QCA6678AQ Version: QCA6688AQ Version: QCA6698AQ Version: QCA8081 Version: QCA8337 Version: QCC710 Version: QCN6224 Version: QCN6274 Version: QFW7114 Version: QFW7124 Version: SDM429W Version: SDX80M Version: SM7675 Version: SM7675P Version: SM8635 Version: SM8635P Version: SM8650Q Version: SM8750 Version: SM8750P Version: Snapdragon 429 Mobile Platform Version: Snapdragon 8 Gen 3 Mobile Platform Version: Snapdragon Auto 5G Modem-RF Gen 2 Version: Snapdragon Wear 4100+ Platform Version: Snapdragon X72 5G Modem-RF System Version: Snapdragon X75 5G Modem-RF System Version: WCD9340 Version: WCD9370 Version: WCD9375 Version: WCD9390 Version: WCD9395 Version: WCN3610 Version: WCN3620 Version: WCN3660B Version: WCN3680B Version: WCN3980 Version: WCN6755 Version: WSA8830 Version: WSA8832 Version: WSA8835 Version: WSA8840 Version: WSA8845 Version: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49847",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T16:56:15.782429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T16:59:15.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon MDM",
"Snapdragon Mobile",
"Snapdragon WBC",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6678AQ"
},
{
"status": "affected",
"version": "QCA6688AQ"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "SDM429W"
},
{
"status": "affected",
"version": "SDX80M"
},
{
"status": "affected",
"version": "SM7675"
},
{
"status": "affected",
"version": "SM7675P"
},
{
"status": "affected",
"version": "SM8635"
},
{
"status": "affected",
"version": "SM8635P"
},
{
"status": "affected",
"version": "SM8650Q"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Snapdragon 429 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF Gen 2"
},
{
"status": "affected",
"version": "Snapdragon Wear 4100+ Platform"
},
{
"status": "affected",
"version": "Snapdragon X72 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3610"
},
{
"status": "affected",
"version": "WCN3620"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN6755"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T08:32:24.772Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html"
}
],
"title": "Buffer Over-read in Multi-Mode Call Processor"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2024-49847",
"datePublished": "2025-05-06T08:32:24.772Z",
"dateReserved": "2024-10-20T17:18:43.218Z",
"dateUpdated": "2025-05-06T16:59:15.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21467 (GCVE-0-2025-21467)
Vulnerability from cvelistv5
Published
2025-05-06 08:32
Modified
2025-05-07 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Memory corruption while reading the FW response from the shared queue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: CSRA6620 Version: CSRA6640 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6800 Version: FastConnect 6900 Version: FastConnect 7800 Version: Flight RB5 5G Platform Version: MDM9628 Version: QAM8295P Version: QCA6174A Version: QCA6391 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6595 Version: QCA6595AU Version: QCA6696 Version: QCA6698AQ Version: QCA9377 Version: QCM5430 Version: QCM6490 Version: QCN9011 Version: QCN9012 Version: QCS410 Version: QCS5430 Version: QCS610 Version: QCS6490 Version: QCS7230 Version: QRB5165M Version: QRB5165N Version: Qualcomm 215 Mobile Platform Version: Qualcomm Video Collaboration VC1 Platform Version: Qualcomm Video Collaboration VC3 Platform Version: Qualcomm Video Collaboration VC5 Platform Version: Robotics RB5 Platform Version: SA4150P Version: SA4155P Version: SA6145P Version: SA6150P Version: SA6155P Version: SA8145P Version: SA8150P Version: SA8155P Version: SA8195P Version: SA8295P Version: SD660 Version: SD865 5G Version: SM4125 Version: SM7250P Version: Smart Audio 400 Platform Version: Snapdragon 460 Mobile Platform Version: Snapdragon 660 Mobile Platform Version: Snapdragon 662 Mobile Platform Version: Snapdragon 680 4G Mobile Platform Version: Snapdragon 685 4G Mobile Platform (SM6225-AD) Version: Snapdragon 690 5G Mobile Platform Version: Snapdragon 750G 5G Mobile Platform Version: Snapdragon 765 5G Mobile Platform (SM7250-AA) Version: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Version: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8 Gen 3 Mobile Platform Version: Snapdragon 8+ Gen 1 Mobile Platform Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon 888 5G Mobile Platform Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Version: Snapdragon Auto 5G Modem-RF Version: Snapdragon W5+ Gen 1 Wearable Platform Version: Snapdragon X12 LTE Modem Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon XR2 5G Platform Version: Snapdragon XR2+ Gen 1 Platform Version: SW5100 Version: SW5100P Version: SXR2230P Version: SXR2250P Version: WCD9326 Version: WCD9335 Version: WCD9341 Version: WCD9370 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCD9390 Version: WCD9395 Version: WCN3615 Version: WCN3660B Version: WCN3680B Version: WCN3910 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 Version: WSA8840 Version: WSA8845 Version: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T03:55:24.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon CCW",
"Snapdragon Compute",
"Snapdragon Connectivity",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "CSRA6620"
},
{
"status": "affected",
"version": "CSRA6640"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6800"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "Flight RB5 5G Platform"
},
{
"status": "affected",
"version": "MDM9628"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA9377"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCN9011"
},
{
"status": "affected",
"version": "QCN9012"
},
{
"status": "affected",
"version": "QCS410"
},
{
"status": "affected",
"version": "QCS5430"
},
{
"status": "affected",
"version": "QCS610"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS7230"
},
{
"status": "affected",
"version": "QRB5165M"
},
{
"status": "affected",
"version": "QRB5165N"
},
{
"status": "affected",
"version": "Qualcomm 215 Mobile Platform"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC1 Platform"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC5 Platform"
},
{
"status": "affected",
"version": "Robotics RB5 Platform"
},
{
"status": "affected",
"version": "SA4150P"
},
{
"status": "affected",
"version": "SA4155P"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SD660"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SM4125"
},
{
"status": "affected",
"version": "SM7250P"
},
{
"status": "affected",
"version": "Smart Audio 400 Platform"
},
{
"status": "affected",
"version": "Snapdragon 460 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 660 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 662 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 680 4G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 685 4G Mobile Platform (SM6225-AD)"
},
{
"status": "affected",
"version": "Snapdragon 690 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 750G 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)"
},
{
"status": "affected",
"version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8+ Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 865 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 888 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF"
},
{
"status": "affected",
"version": "Snapdragon W5+ Gen 1 Wearable Platform"
},
{
"status": "affected",
"version": "Snapdragon X12 LTE Modem"
},
{
"status": "affected",
"version": "Snapdragon X55 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon XR2 5G Platform"
},
{
"status": "affected",
"version": "Snapdragon XR2+ Gen 1 Platform"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "SXR2230P"
},
{
"status": "affected",
"version": "SXR2250P"
},
{
"status": "affected",
"version": "WCD9326"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3615"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3910"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while reading the FW response from the shared queue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T08:32:31.645Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html"
}
],
"title": "Out-of-bounds Write in Computer Vision"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2025-21467",
"datePublished": "2025-05-06T08:32:31.645Z",
"dateReserved": "2024-12-18T09:50:08.927Z",
"dateUpdated": "2025-05-07T03:55:24.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52939 (GCVE-0-2024-52939)
Vulnerability from cvelistv5
Published
2025-02-22 14:54
Modified
2025-02-24 12:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-823 - CWE - Use of Out-of-range Pointer Offset (4.16)
Summary
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest's virtualised GPU memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Imagination Technologies | Graphics DDK |
Version: 1.15 RTM < Patch: 25.1 RTM |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T12:28:07.734436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T12:28:55.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Linux",
"Android"
],
"product": "Graphics DDK",
"vendor": "Imagination Technologies",
"versions": [
{
"lessThanOrEqual": "24.3 RTM",
"status": "affected",
"version": "1.15 RTM",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "25.1 RTM",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eKernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest\u0027s virtualised GPU memory.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest\u0027s virtualised GPU memory."
}
],
"impacts": [
{
"capecId": "CAPEC-480",
"descriptions": [
{
"lang": "en",
"value": "CAPEC - CAPEC-480: Escaping Virtualization (Version 3.9)"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE - CWE-823: Use of Out-of-range Pointer Offset (4.16)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-22T14:54:56.218Z",
"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"shortName": "imaginationtech"
},
"references": [
{
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GPU DDK - RGXFWIF_HWPERF_CTL_BLK.uiNumCounters OOB write",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"assignerShortName": "imaginationtech",
"cveId": "CVE-2024-52939",
"datePublished": "2025-02-22T14:54:56.218Z",
"dateReserved": "2024-11-18T04:55:52.555Z",
"dateUpdated": "2025-02-24T12:28:55.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34739 (GCVE-0-2024-34739)
Vulnerability from cvelistv5
Published
2024-08-15 21:56
Modified
2024-08-16 14:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:12l:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12l"
},
{
"status": "affected",
"version": "12.0"
},
{
"status": "affected",
"version": "13.0"
},
{
"status": "affected",
"version": "14.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-34739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T04:01:24.457769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T14:20:14.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T21:56:32.805Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/50e1f8f36e32928d10e72324c05a203a6db9f7fb"
},
{
"url": "https://source.android.com/security/bulletin/2024-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2024-34739",
"datePublished": "2024-08-15T21:56:32.805Z",
"dateReserved": "2024-05-07T20:40:55.716Z",
"dateUpdated": "2024-08-16T14:20:14.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12577 (GCVE-0-2024-12577)
Vulnerability from cvelistv5
Published
2025-02-22 14:58
Modified
2025-03-18 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-823 - CWE - Use of Out-of-range Pointer Offset (4.16)
Summary
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Imagination Technologies | Graphics DDK |
Version: 1.15 RTM < Patch: 25.1 RTM |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-12577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T19:42:17.355438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T19:42:29.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Linux",
"Android"
],
"product": "Graphics DDK",
"vendor": "Imagination Technologies",
"versions": [
{
"lessThanOrEqual": "24.3 RTM",
"status": "affected",
"version": "1.15 RTM",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "25.1 RTM",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eKernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest\u0027s virtualised GPU memory.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest\u0027s virtualised GPU memory."
}
],
"impacts": [
{
"capecId": "CAPEC-480",
"descriptions": [
{
"lang": "en",
"value": "CAPEC - CAPEC-480: Escaping Virtualization (Version 3.9)"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE - CWE-823: Use of Out-of-range Pointer Offset (4.16)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-22T14:58:33.780Z",
"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"shortName": "imaginationtech"
},
"references": [
{
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GPU DDK - rgxfw_pcset_ungrab OOB write via psFWMemContext-\u003euiPageCatBaseRegSet",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"assignerShortName": "imaginationtech",
"cveId": "CVE-2024-12577",
"datePublished": "2025-02-22T14:58:33.780Z",
"dateReserved": "2024-12-12T15:49:50.965Z",
"dateUpdated": "2025-03-18T19:42:29.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21459 (GCVE-0-2025-21459)
Vulnerability from cvelistv5
Published
2025-05-06 08:32
Modified
2025-05-06 15:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-126 - Buffer Over-read
Summary
Transient DOS while parsing per STA profile in ML IE.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: AR8035 Version: FastConnect 6700 Version: FastConnect 6900 Version: FastConnect 7800 Version: Flight RB5 5G Platform Version: QAM8255P Version: QAM8295P Version: QAM8620P Version: QAM8650P Version: QAM8775P Version: QAMSRV1H Version: QAMSRV1M Version: QCA6391 Version: QCA6554A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6678AQ Version: QCA6688AQ Version: QCA6696 Version: QCA6698AQ Version: QCA6777AQ Version: QCA6787AQ Version: QCA6797AQ Version: QCA8081 Version: QCA8337 Version: QCC2073 Version: QCC2076 Version: QCC710 Version: QCM5430 Version: QCM6490 Version: QCM8550 Version: QCN6224 Version: QCN6274 Version: QCN9011 Version: QCN9012 Version: QCN9274 Version: QCS5430 Version: QCS615 Version: QCS6490 Version: QCS7230 Version: QCS8250 Version: QCS8300 Version: QCS8550 Version: QCS9100 Version: QFW7114 Version: QFW7124 Version: QMP1000 Version: QRB5165N Version: Qualcomm Video Collaboration VC3 Platform Version: Qualcomm Video Collaboration VC5 Platform Version: Robotics RB5 Platform Version: SA6155P Version: SA7255P Version: SA7775P Version: SA8155P Version: SA8195P Version: SA8255P Version: SA8295P Version: SA8620P Version: SA8650P Version: SA8770P Version: SA8775P Version: SA9000P Version: SG8275P Version: SM6650 Version: SM6650P Version: SM7635 Version: SM7675 Version: SM7675P Version: SM8550P Version: SM8635 Version: SM8635P Version: SM8650Q Version: SM8735 Version: SM8750 Version: SM8750P Version: Snapdragon 8 Gen 2 Mobile Platform Version: Snapdragon 8 Gen 3 Mobile Platform Version: Snapdragon 8+ Gen 2 Mobile Platform Version: Snapdragon AR1 Gen 1 Platform Version: Snapdragon AR1 Gen 1 Platform "Luna1" Version: Snapdragon AR2 Gen 1 Platform Version: Snapdragon Auto 5G Modem-RF Gen 2 Version: Snapdragon X72 5G Modem-RF System Version: Snapdragon X75 5G Modem-RF System Version: SRV1H Version: SRV1L Version: SRV1M Version: SSG2115P Version: SSG2125P Version: SXR1230P Version: SXR2230P Version: SXR2250P Version: SXR2330P Version: Vision Intelligence 400 Platform Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9370 Version: WCD9375 Version: WCD9378 Version: WCD9380 Version: WCD9385 Version: WCD9390 Version: WCD9395 Version: WCN3990 Version: WCN6450 Version: WCN6650 Version: WCN6755 Version: WCN7750 Version: WCN7860 Version: WCN7861 Version: WCN7880 Version: WCN7881 Version: WSA8830 Version: WSA8832 Version: WSA8835 Version: WSA8840 Version: WSA8845 Version: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T15:37:21.893527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T15:38:26.887Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon CCW",
"Snapdragon Compute",
"Snapdragon Consumer Electronics Connectivity",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon WBC"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "Flight RB5 5G Platform"
},
{
"status": "affected",
"version": "QAM8255P"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QAM8620P"
},
{
"status": "affected",
"version": "QAM8650P"
},
{
"status": "affected",
"version": "QAM8775P"
},
{
"status": "affected",
"version": "QAMSRV1H"
},
{
"status": "affected",
"version": "QAMSRV1M"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6554A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6678AQ"
},
{
"status": "affected",
"version": "QCA6688AQ"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA6777AQ"
},
{
"status": "affected",
"version": "QCA6787AQ"
},
{
"status": "affected",
"version": "QCA6797AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCC2073"
},
{
"status": "affected",
"version": "QCC2076"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCM8550"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QCN9011"
},
{
"status": "affected",
"version": "QCN9012"
},
{
"status": "affected",
"version": "QCN9274"
},
{
"status": "affected",
"version": "QCS5430"
},
{
"status": "affected",
"version": "QCS615"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS7230"
},
{
"status": "affected",
"version": "QCS8250"
},
{
"status": "affected",
"version": "QCS8300"
},
{
"status": "affected",
"version": "QCS8550"
},
{
"status": "affected",
"version": "QCS9100"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "QMP1000"
},
{
"status": "affected",
"version": "QRB5165N"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC5 Platform"
},
{
"status": "affected",
"version": "Robotics RB5 Platform"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA7255P"
},
{
"status": "affected",
"version": "SA7775P"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8255P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SA8620P"
},
{
"status": "affected",
"version": "SA8650P"
},
{
"status": "affected",
"version": "SA8770P"
},
{
"status": "affected",
"version": "SA8775P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SG8275P"
},
{
"status": "affected",
"version": "SM6650"
},
{
"status": "affected",
"version": "SM6650P"
},
{
"status": "affected",
"version": "SM7635"
},
{
"status": "affected",
"version": "SM7675"
},
{
"status": "affected",
"version": "SM7675P"
},
{
"status": "affected",
"version": "SM8550P"
},
{
"status": "affected",
"version": "SM8635"
},
{
"status": "affected",
"version": "SM8635P"
},
{
"status": "affected",
"version": "SM8650Q"
},
{
"status": "affected",
"version": "SM8735"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8+ Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
},
{
"status": "affected",
"version": "Snapdragon AR2 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF Gen 2"
},
{
"status": "affected",
"version": "Snapdragon X72 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "SRV1H"
},
{
"status": "affected",
"version": "SRV1L"
},
{
"status": "affected",
"version": "SRV1M"
},
{
"status": "affected",
"version": "SSG2115P"
},
{
"status": "affected",
"version": "SSG2125P"
},
{
"status": "affected",
"version": "SXR1230P"
},
{
"status": "affected",
"version": "SXR2230P"
},
{
"status": "affected",
"version": "SXR2250P"
},
{
"status": "affected",
"version": "SXR2330P"
},
{
"status": "affected",
"version": "Vision Intelligence 400 Platform"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WCN6450"
},
{
"status": "affected",
"version": "WCN6650"
},
{
"status": "affected",
"version": "WCN6755"
},
{
"status": "affected",
"version": "WCN7750"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Transient DOS while parsing per STA profile in ML IE."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T08:32:27.901Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html"
}
],
"title": "Buffer Over-read in WLAN Host Communication"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2025-21459",
"datePublished": "2025-05-06T08:32:27.901Z",
"dateReserved": "2024-12-18T09:50:08.926Z",
"dateUpdated": "2025-05-06T15:38:26.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46974 (GCVE-0-2024-46974)
Vulnerability from cvelistv5
Published
2025-01-31 03:07
Modified
2025-03-20 14:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Imagination Technologies | Graphics DDK |
Version: 1.15 RTM < Patch: 25.1 RTM |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-46974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T16:42:23.922631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T14:32:48.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Linux",
"Android"
],
"product": "Graphics DDK",
"vendor": "Imagination Technologies",
"versions": [
{
"lessThanOrEqual": "24.3 RTM",
"status": "affected",
"version": "1.15 RTM",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "25.1 RTM",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSoftware installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266: Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-274",
"description": "CWE-274: Improper Handling of Insufficient Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T03:07:15.179Z",
"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"shortName": "imaginationtech"
},
"references": [
{
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GPU DDK - Arbitrary write of read-only dmabuf",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"assignerShortName": "imaginationtech",
"cveId": "CVE-2024-46974",
"datePublished": "2025-01-31T03:07:15.179Z",
"dateReserved": "2024-09-16T13:20:45.924Z",
"dateUpdated": "2025-03-20T14:32:48.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20666 (GCVE-0-2025-20666)
Vulnerability from cvelistv5
Published
2025-05-05 02:49
Modified
2025-05-12 17:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-617 - Reachable Assertion
Summary
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20666",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T17:52:06.340168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T17:52:20.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8666, MT8667, MT8673, MT8675, MT8771, MT8791, MT8791T, MT8795T, MT8797, MT8798",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Modem NR15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T02:49:10.026Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/May-2025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20666",
"datePublished": "2025-05-05T02:49:10.026Z",
"dateReserved": "2024-11-01T01:21:50.368Z",
"dateUpdated": "2025-05-12T17:52:20.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0072 (GCVE-0-2025-0072)
Vulnerability from cvelistv5
Published
2025-05-02 09:54
Modified
2025-05-12 15:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory.
This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p3, from r50p0 through r53p0.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Arm Ltd | Valhall GPU Kernel Driver |
Version: r29p0 Version: r50p0 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-0072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T15:50:43.159432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:51:33.923Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Valhall GPU Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"changes": [
{
"at": "r49p4",
"status": "unaffected"
}
],
"lessThanOrEqual": "r49p3",
"status": "affected",
"version": "r29p0",
"versionType": "patch"
},
{
"changes": [
{
"at": "r54p0",
"status": "unaffected"
}
],
"lessThanOrEqual": "r53p0",
"status": "affected",
"version": "r50p0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Arm 5th Gen GPU Architecture Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"changes": [
{
"at": "r49p4",
"status": "unaffected"
}
],
"lessThanOrEqual": "r49p3",
"status": "affected",
"version": "r41p0",
"versionType": "patch"
},
{
"changes": [
{
"at": "r54p0",
"status": "unaffected"
}
],
"lessThanOrEqual": "r53p0",
"status": "affected",
"version": "r50p0",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Man Yue Mo of GitHub Security Lab"
}
],
"datePublic": "2025-05-02T08:51:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory.\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Valhall GPU Kernel Driver: from r29p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p3, from r50p0 through r53p0.\u003c/p\u003e"
}
],
"value": "Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory.\n\nThis issue affects Valhall GPU Kernel Driver: from r29p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p3, from r50p0 through r53p0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T10:50:05.134Z",
"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"shortName": "Arm"
},
"references": [
{
"url": "https://developer.arm.com/documentation/110465/latest/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue has been fixed in the following versions: Valhall GPU Kernel Driver r49p4 and r54p0; Arm 5th Gen GPU Architecture Kernel Driver r49p4, r54p0. Arm recommends that affected users upgrade to the latest applicable version at Mali Driver Downloads to protect against this issue. \u003cbr\u003e"
}
],
"value": "This issue has been fixed in the following versions: Valhall GPU Kernel Driver r49p4 and r54p0; Arm 5th Gen GPU Architecture Kernel Driver r49p4, r54p0. Arm recommends that affected users upgrade to the latest applicable version at Mali Driver Downloads to protect against this issue."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Mali GPU Kernel Driver allows improper GPU memory processing operations",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"assignerShortName": "Arm",
"cveId": "CVE-2025-0072",
"datePublished": "2025-05-02T09:54:20.441Z",
"dateReserved": "2024-12-13T13:18:00.462Z",
"dateUpdated": "2025-05-12T15:51:33.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49835 (GCVE-0-2024-49835)
Vulnerability from cvelistv5
Published
2025-05-06 08:32
Modified
2025-05-07 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Memory corruption while reading secure file.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: AQT1000 Version: AR8035 Version: CSRA6620 Version: CSRA6640 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6800 Version: FastConnect 6900 Version: FastConnect 7800 Version: QAM8255P Version: QAM8295P Version: QAM8620P Version: QAM8650P Version: QAM8775P Version: QAMSRV1H Version: QAMSRV1M Version: QCA6174A Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6678AQ Version: QCA6688AQ Version: QCA6696 Version: QCA6698AQ Version: QCA6797AQ Version: QCA8081 Version: QCA8337 Version: QCC710 Version: QCM2290 Version: QCM4290 Version: QCM5430 Version: QCM6125 Version: QCM6490 Version: QCM8550 Version: QCN6224 Version: QCN6274 Version: QCN7606 Version: QCN9274 Version: QCS2290 Version: QCS4290 Version: QCS5430 Version: QCS6125 Version: QCS615 Version: QCS6490 Version: QCS8300 Version: QCS8550 Version: QCS9100 Version: QDU1000 Version: QDU1010 Version: QDU1110 Version: QDU1210 Version: QDX1010 Version: QDX1011 Version: QEP8111 Version: QFW7114 Version: QFW7124 Version: QMP1000 Version: QRU1032 Version: QRU1052 Version: QRU1062 Version: QSM8350 Version: Qualcomm Video Collaboration VC1 Platform Version: Qualcomm Video Collaboration VC3 Platform Version: Robotics RB2 Platform Version: SA4150P Version: SA6145P Version: SA6150P Version: SA6155 Version: SA6155P Version: SA7255P Version: SA7775P Version: SA8145P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8195P Version: SA8255P Version: SA8295P Version: SA8530P Version: SA8540P Version: SA8620P Version: SA8650P Version: SA8770P Version: SA8775P Version: SA9000P Version: SC8380XP Version: SD 8 Gen1 5G Version: SD670 Version: SD730 Version: SD855 Version: SD865 5G Version: SD888 Version: SG4150P Version: SM4125 Version: SM4635 Version: SM6250 Version: SM6370 Version: SM6650 Version: SM6650P Version: SM7250P Version: SM7315 Version: SM7325P Version: SM7635 Version: SM7675 Version: SM7675P Version: SM8635 Version: SM8635P Version: SM8650Q Version: SM8735 Version: SM8750 Version: SM8750P Version: Smart Audio 400 Platform Version: Snapdragon 4 Gen 1 Mobile Platform Version: Snapdragon 460 Mobile Platform Version: Snapdragon 480 5G Mobile Platform Version: Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Version: Snapdragon 662 Mobile Platform Version: Snapdragon 665 Mobile Platform Version: Snapdragon 670 Mobile Platform Version: Snapdragon 675 Mobile Platform Version: Snapdragon 678 Mobile Platform (SM6150-AC) Version: Snapdragon 680 4G Mobile Platform Version: Snapdragon 685 4G Mobile Platform (SM6225-AD) Version: Snapdragon 690 5G Mobile Platform Version: Snapdragon 695 5G Mobile Platform Version: Snapdragon 710 Mobile Platform Version: Snapdragon 720G Mobile Platform Version: Snapdragon 730 Mobile Platform (SM7150-AA) Version: Snapdragon 730G Mobile Platform (SM7150-AB) Version: Snapdragon 732G Mobile Platform (SM7150-AC) Version: Snapdragon 750G 5G Mobile Platform Version: Snapdragon 765 5G Mobile Platform (SM7250-AA) Version: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Version: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Version: Snapdragon 778G 5G Mobile Platform Version: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Version: Snapdragon 780G 5G Mobile Platform Version: Snapdragon 782G Mobile Platform (SM7325-AF) Version: Snapdragon 7c+ Gen 3 Compute Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8 Gen 3 Mobile Platform Version: Snapdragon 855 Mobile Platform Version: Snapdragon 855+/860 Mobile Platform (SM8150-AC) Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon 888 5G Mobile Platform Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Version: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) Version: Snapdragon AR1 Gen 1 Platform Version: Snapdragon AR1 Gen 1 Platform "Luna1" Version: Snapdragon Auto 5G Modem-RF Gen 2 Version: Snapdragon X32 5G Modem-RF System Version: Snapdragon X35 5G Modem-RF System Version: Snapdragon X50 5G Modem-RF System Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon X62 5G Modem-RF System Version: Snapdragon X65 5G Modem-RF System Version: Snapdragon X72 5G Modem-RF System Version: Snapdragon X75 5G Modem-RF System Version: Snapdragon XR1 Platform Version: Snapdragon XR2 5G Platform Version: Snapdragon XR2+ Gen 1 Platform Version: SRV1H Version: SRV1L Version: SRV1M Version: SXR1120 Version: SXR2130 Version: SXR2330P Version: WCD9326 Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9370 Version: WCD9375 Version: WCD9378 Version: WCD9380 Version: WCD9385 Version: WCD9390 Version: WCD9395 Version: WCN3910 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN6450 Version: WCN6650 Version: WCN6740 Version: WCN6755 Version: WCN7750 Version: WCN7860 Version: WCN7861 Version: WCN7880 Version: WCN7881 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 Version: WSA8840 Version: WSA8845 Version: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T03:55:35.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon Technology",
"Snapdragon WBC"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "CSRA6620"
},
{
"status": "affected",
"version": "CSRA6640"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6800"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QAM8255P"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QAM8620P"
},
{
"status": "affected",
"version": "QAM8650P"
},
{
"status": "affected",
"version": "QAM8775P"
},
{
"status": "affected",
"version": "QAMSRV1H"
},
{
"status": "affected",
"version": "QAMSRV1M"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6421"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6431"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6678AQ"
},
{
"status": "affected",
"version": "QCA6688AQ"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA6797AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCM2290"
},
{
"status": "affected",
"version": "QCM4290"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6125"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCM8550"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QCN7606"
},
{
"status": "affected",
"version": "QCN9274"
},
{
"status": "affected",
"version": "QCS2290"
},
{
"status": "affected",
"version": "QCS4290"
},
{
"status": "affected",
"version": "QCS5430"
},
{
"status": "affected",
"version": "QCS6125"
},
{
"status": "affected",
"version": "QCS615"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS8300"
},
{
"status": "affected",
"version": "QCS8550"
},
{
"status": "affected",
"version": "QCS9100"
},
{
"status": "affected",
"version": "QDU1000"
},
{
"status": "affected",
"version": "QDU1010"
},
{
"status": "affected",
"version": "QDU1110"
},
{
"status": "affected",
"version": "QDU1210"
},
{
"status": "affected",
"version": "QDX1010"
},
{
"status": "affected",
"version": "QDX1011"
},
{
"status": "affected",
"version": "QEP8111"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "QMP1000"
},
{
"status": "affected",
"version": "QRU1032"
},
{
"status": "affected",
"version": "QRU1052"
},
{
"status": "affected",
"version": "QRU1062"
},
{
"status": "affected",
"version": "QSM8350"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC1 Platform"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "Robotics RB2 Platform"
},
{
"status": "affected",
"version": "SA4150P"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA7255P"
},
{
"status": "affected",
"version": "SA7775P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8255P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SA8530P"
},
{
"status": "affected",
"version": "SA8540P"
},
{
"status": "affected",
"version": "SA8620P"
},
{
"status": "affected",
"version": "SA8650P"
},
{
"status": "affected",
"version": "SA8770P"
},
{
"status": "affected",
"version": "SA8775P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD670"
},
{
"status": "affected",
"version": "SD730"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SD888"
},
{
"status": "affected",
"version": "SG4150P"
},
{
"status": "affected",
"version": "SM4125"
},
{
"status": "affected",
"version": "SM4635"
},
{
"status": "affected",
"version": "SM6250"
},
{
"status": "affected",
"version": "SM6370"
},
{
"status": "affected",
"version": "SM6650"
},
{
"status": "affected",
"version": "SM6650P"
},
{
"status": "affected",
"version": "SM7250P"
},
{
"status": "affected",
"version": "SM7315"
},
{
"status": "affected",
"version": "SM7325P"
},
{
"status": "affected",
"version": "SM7635"
},
{
"status": "affected",
"version": "SM7675"
},
{
"status": "affected",
"version": "SM7675P"
},
{
"status": "affected",
"version": "SM8635"
},
{
"status": "affected",
"version": "SM8635P"
},
{
"status": "affected",
"version": "SM8650Q"
},
{
"status": "affected",
"version": "SM8735"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Smart Audio 400 Platform"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 460 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 480 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)"
},
{
"status": "affected",
"version": "Snapdragon 662 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 665 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 670 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 675 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 678 Mobile Platform (SM6150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 680 4G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 685 4G Mobile Platform (SM6225-AD)"
},
{
"status": "affected",
"version": "Snapdragon 690 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 695 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 710 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 720G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 730 Mobile Platform (SM7150-AA)"
},
{
"status": "affected",
"version": "Snapdragon 730G Mobile Platform (SM7150-AB)"
},
{
"status": "affected",
"version": "Snapdragon 732G Mobile Platform (SM7150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 750G 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)"
},
{
"status": "affected",
"version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 778G 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)"
},
{
"status": "affected",
"version": "Snapdragon 780G 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 782G Mobile Platform (SM7325-AF)"
},
{
"status": "affected",
"version": "Snapdragon 7c+ Gen 3 Compute"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 855 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 865 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 888 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF Gen 2"
},
{
"status": "affected",
"version": "Snapdragon X32 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X35 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X50 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X55 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X62 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X65 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X72 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon XR1 Platform"
},
{
"status": "affected",
"version": "Snapdragon XR2 5G Platform"
},
{
"status": "affected",
"version": "Snapdragon XR2+ Gen 1 Platform"
},
{
"status": "affected",
"version": "SRV1H"
},
{
"status": "affected",
"version": "SRV1L"
},
{
"status": "affected",
"version": "SRV1M"
},
{
"status": "affected",
"version": "SXR1120"
},
{
"status": "affected",
"version": "SXR2130"
},
{
"status": "affected",
"version": "SXR2330P"
},
{
"status": "affected",
"version": "WCD9326"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3910"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WCN6450"
},
{
"status": "affected",
"version": "WCN6650"
},
{
"status": "affected",
"version": "WCN6740"
},
{
"status": "affected",
"version": "WCN6755"
},
{
"status": "affected",
"version": "WCN7750"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while reading secure file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T08:32:17.432Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html"
}
],
"title": "Out-of-bounds Write in SPS Applications"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2024-49835",
"datePublished": "2025-05-06T08:32:17.432Z",
"dateReserved": "2024-10-20T17:18:43.215Z",
"dateUpdated": "2025-05-07T03:55:35.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47891 (GCVE-0-2024-47891)
Vulnerability from cvelistv5
Published
2025-01-31 03:11
Modified
2025-03-18 20:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Imagination Technologies | Graphics DDK |
Version: 1.15 RTM < Patch: 25.1 RTM |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47891",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T16:39:46.360171Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T20:22:22.937Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Linux",
"Android"
],
"product": "Graphics DDK",
"vendor": "Imagination Technologies",
"versions": [
{
"lessThanOrEqual": "24.3 RTM2",
"status": "affected",
"version": "1.15 RTM",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "25.1 RTM",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSoftware installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions."
}
],
"impacts": [
{
"capecId": "CAPEC-124",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-124: Shared Resource Manipulation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T03:11:58.828Z",
"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"shortName": "imaginationtech"
},
"references": [
{
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GPU DDK - Exploitable double free on PTL_STREAM_DESC object in the kernel function TLServerCloseStreamKM due to a race condition",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"assignerShortName": "imaginationtech",
"cveId": "CVE-2024-47891",
"datePublished": "2025-01-31T03:11:58.828Z",
"dateReserved": "2024-10-04T16:08:49.936Z",
"dateUpdated": "2025-03-18T20:22:22.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21453 (GCVE-0-2025-21453)
Vulnerability from cvelistv5
Published
2025-05-06 08:32
Modified
2025-05-07 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: 315 5G IoT Modem Version: APQ8017 Version: AQT1000 Version: AR8035 Version: CSRA6620 Version: CSRA6640 Version: CSRB31024 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6800 Version: FastConnect 6900 Version: FastConnect 7800 Version: MDM9628 Version: QAM8255P Version: QAM8295P Version: QAM8620P Version: QAM8650P Version: QAM8775P Version: QAMSRV1H Version: QAMSRV1M Version: QCA6174A Version: QCA6310 Version: QCA6335 Version: QCA6391 Version: QCA6420 Version: QCA6426 Version: QCA6430 Version: QCA6436 Version: QCA6564 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6678AQ Version: QCA6688AQ Version: QCA6696 Version: QCA6698AQ Version: QCA6797AQ Version: QCA8081 Version: QCA8337 Version: QCA9367 Version: QCA9377 Version: QCC710 Version: QCM2150 Version: QCM2290 Version: QCM4290 Version: QCM4325 Version: QCM4490 Version: QCM5430 Version: QCM6125 Version: QCM6490 Version: QCM8550 Version: QCN6024 Version: QCN6224 Version: QCN6274 Version: QCN9011 Version: QCN9012 Version: QCN9024 Version: QCN9274 Version: QCS2290 Version: QCS410 Version: QCS4290 Version: QCS4490 Version: QCS5430 Version: QCS610 Version: QCS6125 Version: QCS615 Version: QCS6490 Version: QCS8300 Version: QCS8550 Version: QCS9100 Version: QEP8111 Version: QFW7114 Version: QFW7124 Version: QMP1000 Version: Qualcomm 205 Mobile Platform Version: Qualcomm 215 Mobile Platform Version: Qualcomm Video Collaboration VC1 Platform Version: Qualcomm Video Collaboration VC3 Platform Version: Robotics RB2 Platform Version: Robotics RB3 Platform Version: SA2150P Version: SA4150P Version: SA4155P Version: SA6145P Version: SA6150P Version: SA6155 Version: SA6155P Version: SA7255P Version: SA7775P Version: SA8145P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8195P Version: SA8255P Version: SA8295P Version: SA8530P Version: SA8540P Version: SA8620P Version: SA8650P Version: SA8770P Version: SA8775P Version: SA9000P Version: SD 8 Gen1 5G Version: SD626 Version: SD660 Version: SD670 Version: SD730 Version: SD835 Version: SD855 Version: SD865 5G Version: SD888 Version: SDX55 Version: SDX61 Version: SG4150P Version: SG8275P Version: SM4125 Version: SM4635 Version: SM6250 Version: SM6370 Version: SM6650 Version: SM6650P Version: SM7250P Version: SM7315 Version: SM7325P Version: SM7635 Version: SM7675 Version: SM7675P Version: SM8550P Version: SM8635 Version: SM8635P Version: SM8650Q Version: SM8735 Version: SM8750 Version: SM8750P Version: Smart Audio 400 Platform Version: Smart Display 200 Platform (APQ5053-AA) Version: Snapdragon 210 Processor Version: Snapdragon 212 Mobile Platform Version: Snapdragon 4 Gen 1 Mobile Platform Version: Snapdragon 4 Gen 2 Mobile Platform Version: Snapdragon 425 Mobile Platform Version: Snapdragon 429 Mobile Platform Version: Snapdragon 439 Mobile Platform Version: Snapdragon 460 Mobile Platform Version: Snapdragon 480 5G Mobile Platform Version: Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Version: Snapdragon 625 Mobile Platform Version: Snapdragon 626 Mobile Platform Version: Snapdragon 630 Mobile Platform Version: Snapdragon 632 Mobile Platform Version: Snapdragon 636 Mobile Platform Version: Snapdragon 660 Mobile Platform Version: Snapdragon 662 Mobile Platform Version: Snapdragon 670 Mobile Platform Version: Snapdragon 675 Mobile Platform Version: Snapdragon 678 Mobile Platform (SM6150-AC) Version: Snapdragon 680 4G Mobile Platform Version: Snapdragon 685 4G Mobile Platform (SM6225-AD) Version: Snapdragon 690 5G Mobile Platform Version: Snapdragon 695 5G Mobile Platform Version: Snapdragon 710 Mobile Platform Version: Snapdragon 720G Mobile Platform Version: Snapdragon 730 Mobile Platform (SM7150-AA) Version: Snapdragon 730G Mobile Platform (SM7150-AB) Version: Snapdragon 732G Mobile Platform (SM7150-AC) Version: Snapdragon 750G 5G Mobile Platform Version: Snapdragon 765 5G Mobile Platform (SM7250-AA) Version: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Version: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Version: Snapdragon 778G 5G Mobile Platform Version: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Version: Snapdragon 780G 5G Mobile Platform Version: Snapdragon 782G Mobile Platform (SM7325-AF) Version: Snapdragon 7c+ Gen 3 Compute Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8 Gen 2 Mobile Platform Version: Snapdragon 8 Gen 3 Mobile Platform Version: Snapdragon 8+ Gen 1 Mobile Platform Version: Snapdragon 8+ Gen 2 Mobile Platform Version: Snapdragon 835 Mobile PC Platform Version: Snapdragon 845 Mobile Platform Version: Snapdragon 855 Mobile Platform Version: Snapdragon 855+/860 Mobile Platform (SM8150-AC) Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon 888 5G Mobile Platform Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Version: Snapdragon Auto 5G Modem-RF Version: Snapdragon Auto 5G Modem-RF Gen 2 Version: Snapdragon W5+ Gen 1 Wearable Platform Version: Snapdragon X12 LTE Modem Version: Snapdragon X32 5G Modem-RF System Version: Snapdragon X35 5G Modem-RF System Version: Snapdragon X50 5G Modem-RF System Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon X62 5G Modem-RF System Version: Snapdragon X65 5G Modem-RF System Version: Snapdragon X72 5G Modem-RF System Version: Snapdragon X75 5G Modem-RF System Version: Snapdragon XR1 Platform Version: Snapdragon XR2 5G Platform Version: Snapdragon XR2+ Gen 1 Platform Version: Snapdragon Auto 4G Modem Version: SRV1H Version: SRV1L Version: SRV1M Version: SW5100 Version: SW5100P Version: SXR1120 Version: SXR2130 Version: SXR2230P Version: SXR2250P Version: SXR2330P Version: TalynPlus Version: Vision Intelligence 100 Platform (APQ8053-AA) Version: Vision Intelligence 200 Platform (APQ8053-AC) Version: Vision Intelligence 300 Platform Version: Vision Intelligence 400 Platform Version: WCD9326 Version: WCD9330 Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9375 Version: WCD9378 Version: WCD9380 Version: WCD9385 Version: WCD9390 Version: WCD9395 Version: WCN3610 Version: WCN3615 Version: WCN3660B Version: WCN3680 Version: WCN3680B Version: WCN3910 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN6450 Version: WCN6650 Version: WCN6740 Version: WCN6755 Version: WCN7750 Version: WCN7860 Version: WCN7861 Version: WCN7880 Version: WCN7881 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 Version: WSA8840 Version: WSA8845 Version: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21453",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T03:55:28.462Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon CCW",
"Snapdragon Compute",
"Snapdragon Connectivity",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon WBC",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "315 5G IoT Modem"
},
{
"status": "affected",
"version": "APQ8017"
},
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "CSRA6620"
},
{
"status": "affected",
"version": "CSRA6640"
},
{
"status": "affected",
"version": "CSRB31024"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6800"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "MDM9628"
},
{
"status": "affected",
"version": "QAM8255P"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QAM8620P"
},
{
"status": "affected",
"version": "QAM8650P"
},
{
"status": "affected",
"version": "QAM8775P"
},
{
"status": "affected",
"version": "QAMSRV1H"
},
{
"status": "affected",
"version": "QAMSRV1M"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6310"
},
{
"status": "affected",
"version": "QCA6335"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6564"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6678AQ"
},
{
"status": "affected",
"version": "QCA6688AQ"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA6797AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCA9367"
},
{
"status": "affected",
"version": "QCA9377"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCM2150"
},
{
"status": "affected",
"version": "QCM2290"
},
{
"status": "affected",
"version": "QCM4290"
},
{
"status": "affected",
"version": "QCM4325"
},
{
"status": "affected",
"version": "QCM4490"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6125"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCM8550"
},
{
"status": "affected",
"version": "QCN6024"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QCN9011"
},
{
"status": "affected",
"version": "QCN9012"
},
{
"status": "affected",
"version": "QCN9024"
},
{
"status": "affected",
"version": "QCN9274"
},
{
"status": "affected",
"version": "QCS2290"
},
{
"status": "affected",
"version": "QCS410"
},
{
"status": "affected",
"version": "QCS4290"
},
{
"status": "affected",
"version": "QCS4490"
},
{
"status": "affected",
"version": "QCS5430"
},
{
"status": "affected",
"version": "QCS610"
},
{
"status": "affected",
"version": "QCS6125"
},
{
"status": "affected",
"version": "QCS615"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS8300"
},
{
"status": "affected",
"version": "QCS8550"
},
{
"status": "affected",
"version": "QCS9100"
},
{
"status": "affected",
"version": "QEP8111"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "QMP1000"
},
{
"status": "affected",
"version": "Qualcomm 205 Mobile Platform"
},
{
"status": "affected",
"version": "Qualcomm 215 Mobile Platform"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC1 Platform"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "Robotics RB2 Platform"
},
{
"status": "affected",
"version": "Robotics RB3 Platform"
},
{
"status": "affected",
"version": "SA2150P"
},
{
"status": "affected",
"version": "SA4150P"
},
{
"status": "affected",
"version": "SA4155P"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA7255P"
},
{
"status": "affected",
"version": "SA7775P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8255P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SA8530P"
},
{
"status": "affected",
"version": "SA8540P"
},
{
"status": "affected",
"version": "SA8620P"
},
{
"status": "affected",
"version": "SA8650P"
},
{
"status": "affected",
"version": "SA8770P"
},
{
"status": "affected",
"version": "SA8775P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD626"
},
{
"status": "affected",
"version": "SD660"
},
{
"status": "affected",
"version": "SD670"
},
{
"status": "affected",
"version": "SD730"
},
{
"status": "affected",
"version": "SD835"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SD888"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SDX61"
},
{
"status": "affected",
"version": "SG4150P"
},
{
"status": "affected",
"version": "SG8275P"
},
{
"status": "affected",
"version": "SM4125"
},
{
"status": "affected",
"version": "SM4635"
},
{
"status": "affected",
"version": "SM6250"
},
{
"status": "affected",
"version": "SM6370"
},
{
"status": "affected",
"version": "SM6650"
},
{
"status": "affected",
"version": "SM6650P"
},
{
"status": "affected",
"version": "SM7250P"
},
{
"status": "affected",
"version": "SM7315"
},
{
"status": "affected",
"version": "SM7325P"
},
{
"status": "affected",
"version": "SM7635"
},
{
"status": "affected",
"version": "SM7675"
},
{
"status": "affected",
"version": "SM7675P"
},
{
"status": "affected",
"version": "SM8550P"
},
{
"status": "affected",
"version": "SM8635"
},
{
"status": "affected",
"version": "SM8635P"
},
{
"status": "affected",
"version": "SM8650Q"
},
{
"status": "affected",
"version": "SM8735"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Smart Audio 400 Platform"
},
{
"status": "affected",
"version": "Smart Display 200 Platform (APQ5053-AA)"
},
{
"status": "affected",
"version": "Snapdragon 210 Processor"
},
{
"status": "affected",
"version": "Snapdragon 212 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 425 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 429 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 439 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 460 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 480 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)"
},
{
"status": "affected",
"version": "Snapdragon 625 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 626 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 630 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 632 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 636 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 660 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 662 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 670 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 675 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 678 Mobile Platform (SM6150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 680 4G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 685 4G Mobile Platform (SM6225-AD)"
},
{
"status": "affected",
"version": "Snapdragon 690 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 695 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 710 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 720G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 730 Mobile Platform (SM7150-AA)"
},
{
"status": "affected",
"version": "Snapdragon 730G Mobile Platform (SM7150-AB)"
},
{
"status": "affected",
"version": "Snapdragon 732G Mobile Platform (SM7150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 750G 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)"
},
{
"status": "affected",
"version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 778G 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)"
},
{
"status": "affected",
"version": "Snapdragon 780G 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 782G Mobile Platform (SM7325-AF)"
},
{
"status": "affected",
"version": "Snapdragon 7c+ Gen 3 Compute"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8+ Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8+ Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 835 Mobile PC Platform"
},
{
"status": "affected",
"version": "Snapdragon 845 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 855 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 865 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 888 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF Gen 2"
},
{
"status": "affected",
"version": "Snapdragon W5+ Gen 1 Wearable Platform"
},
{
"status": "affected",
"version": "Snapdragon X12 LTE Modem"
},
{
"status": "affected",
"version": "Snapdragon X32 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X35 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X50 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X55 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X62 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X65 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X72 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon XR1 Platform"
},
{
"status": "affected",
"version": "Snapdragon XR2 5G Platform"
},
{
"status": "affected",
"version": "Snapdragon XR2+ Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon Auto 4G Modem"
},
{
"status": "affected",
"version": "SRV1H"
},
{
"status": "affected",
"version": "SRV1L"
},
{
"status": "affected",
"version": "SRV1M"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "SXR1120"
},
{
"status": "affected",
"version": "SXR2130"
},
{
"status": "affected",
"version": "SXR2230P"
},
{
"status": "affected",
"version": "SXR2250P"
},
{
"status": "affected",
"version": "SXR2330P"
},
{
"status": "affected",
"version": "TalynPlus"
},
{
"status": "affected",
"version": "Vision Intelligence 100 Platform (APQ8053-AA)"
},
{
"status": "affected",
"version": "Vision Intelligence 200 Platform (APQ8053-AC)"
},
{
"status": "affected",
"version": "Vision Intelligence 300 Platform"
},
{
"status": "affected",
"version": "Vision Intelligence 400 Platform"
},
{
"status": "affected",
"version": "WCD9326"
},
{
"status": "affected",
"version": "WCD9330"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9360"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3610"
},
{
"status": "affected",
"version": "WCN3615"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3910"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WCN6450"
},
{
"status": "affected",
"version": "WCN6650"
},
{
"status": "affected",
"version": "WCN6740"
},
{
"status": "affected",
"version": "WCN6755"
},
{
"status": "affected",
"version": "WCN7750"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T08:32:26.299Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html"
}
],
"title": "Use After Free in GPS HLOS Driver"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2025-21453",
"datePublished": "2025-05-06T08:32:26.299Z",
"dateReserved": "2024-12-18T09:50:08.923Z",
"dateUpdated": "2025-05-07T03:55:28.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47896 (GCVE-0-2024-47896)
Vulnerability from cvelistv5
Published
2025-02-22 14:50
Modified
2025-03-05 16:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-823 - CWE - Use of Out-of-range Pointer Offset (4.16)
Summary
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Imagination Technologies | Graphics DDK |
Version: 1.15 RTM < Patch: 25.1 RTM |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T16:56:49.878825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T16:56:53.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Linux",
"Android"
],
"product": "Graphics DDK",
"vendor": "Imagination Technologies",
"versions": [
{
"lessThanOrEqual": "24.3 RTM",
"status": "affected",
"version": "1.15 RTM",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "25.1 RTM",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eKernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest\u0027s virtualised GPU memory.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest\u0027s virtualised GPU memory."
}
],
"impacts": [
{
"capecId": "CAPEC-480",
"descriptions": [
{
"lang": "en",
"value": "CAPEC - CAPEC-480: Escaping Virtualization (Version 3.9)"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE - CWE-823: Use of Out-of-range Pointer Offset (4.16)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-22T14:50:58.213Z",
"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"shortName": "imaginationtech"
},
"references": [
{
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GPU DDK - rgxfw_hwr_log_info OOB write via psHWRInfoBuf-\u003eui32WriteIndex",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"assignerShortName": "imaginationtech",
"cveId": "CVE-2024-47896",
"datePublished": "2025-02-22T14:50:58.213Z",
"dateReserved": "2024-10-04T16:08:49.937Z",
"dateUpdated": "2025-03-05T16:56:53.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0427 (GCVE-0-2025-0427)
Vulnerability from cvelistv5
Published
2025-05-02 09:58
Modified
2025-05-12 15:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r8p0 through r49p3, from r50p0 through r51p0; Valhall GPU Kernel Driver: from r19p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p3, from r50p0 through r53p0.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Arm Ltd | Bifrost GPU Kernel Driver |
Version: r8p0 Version: r50p0 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-0427",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T15:51:55.333310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:52:34.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Bifrost GPU Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"changes": [
{
"at": "r49p4",
"status": "unaffected"
}
],
"lessThanOrEqual": "r49p3",
"status": "affected",
"version": "r8p0",
"versionType": "patch"
},
{
"lessThanOrEqual": "r51p0",
"status": "affected",
"version": "r50p0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Valhall GPU Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"changes": [
{
"at": "r49p4",
"status": "unaffected"
}
],
"lessThanOrEqual": "r49p3",
"status": "affected",
"version": "r19p0",
"versionType": "patch"
},
{
"changes": [
{
"at": "r54p0",
"status": "unaffected"
}
],
"lessThanOrEqual": "r53p0",
"status": "affected",
"version": "r50p0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Arm 5th Gen GPU Architecture Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"changes": [
{
"at": "r49p4",
"status": "unaffected"
}
],
"lessThanOrEqual": "r49p3",
"status": "affected",
"version": "r41p0",
"versionType": "patch"
},
{
"changes": [
{
"at": "r54p0",
"status": "unaffected"
}
],
"lessThanOrEqual": "r53p0",
"status": "affected",
"version": "r50p0",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-05-02T08:51:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU processing operations to gain access to already freed memory.\u003cp\u003eThis issue affects Bifrost GPU Kernel Driver: from r8p0 through r49p3, from r50p0 through r51p0; Valhall GPU Kernel Driver: from r19p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p3, from r50p0 through r53p0.\u003c/p\u003e"
}
],
"value": "Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r8p0 through r49p3, from r50p0 through r51p0; Valhall GPU Kernel Driver: from r19p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p3, from r50p0 through r53p0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T09:58:00.766Z",
"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"shortName": "Arm"
},
"references": [
{
"url": "https://developer.arm.com/documentation/110465/latest/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue has been fixed in the following versions: Bifrost GPU Kernel Driver r49p4; Valhall GPU Kernel Driver r49p4 and r54p0; Arm 5th Gen GPU Architecture Kernel Driver r49p4 and r54p0. Arm recommends that affected users upgrade to the latest applicable version at Mali Driver Downloads to protect against this issue.\u003cbr\u003e"
}
],
"value": "This issue has been fixed in the following versions: Bifrost GPU Kernel Driver r49p4; Valhall GPU Kernel Driver r49p4 and r54p0; Arm 5th Gen GPU Architecture Kernel Driver r49p4 and r54p0. Arm recommends that affected users upgrade to the latest applicable version at Mali Driver Downloads to protect against this issue."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Mali GPU Kernel Driver allows access to already freed memory",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"assignerShortName": "Arm",
"cveId": "CVE-2025-0427",
"datePublished": "2025-05-02T09:58:00.766Z",
"dateReserved": "2025-01-13T16:09:49.915Z",
"dateUpdated": "2025-05-12T15:52:34.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45580 (GCVE-0-2024-45580)
Vulnerability from cvelistv5
Published
2025-03-03 10:07
Modified
2025-03-05 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Memory corruption while handling multuple IOCTL calls from userspace for remote invocation.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: FastConnect 6900 Version: FastConnect 7800 Version: QMP1000 Version: SDM429W Version: SM8735 Version: SM8750 Version: SM8750P Version: Snapdragon 429 Mobile Platform Version: Snapdragon 8 Gen 3 Mobile Platform Version: Snapdragon AR1 Gen 1 Platform Version: Snapdragon AR1 Gen 1 Platform "Luna1" Version: Snapdragon AR2 Gen 1 Platform Version: SSG2115P Version: SSG2125P Version: SXR1230P Version: SXR2230P Version: SXR2250P Version: SXR2330P Version: WCD9378 Version: WCD9380 Version: WCD9385 Version: WCD9390 Version: WCD9395 Version: WCN3620 Version: WCN3660B Version: WCN3680B Version: WCN3980 Version: WCN7750 Version: WCN7860 Version: WCN7861 Version: WCN7880 Version: WCN7881 Version: WSA8830 Version: WSA8832 Version: WSA8835 Version: WSA8840 Version: WSA8845 Version: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T04:55:13.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Compute",
"Snapdragon Mobile",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QMP1000"
},
{
"status": "affected",
"version": "SDM429W"
},
{
"status": "affected",
"version": "SM8735"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Snapdragon 429 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
},
{
"status": "affected",
"version": "Snapdragon AR2 Gen 1 Platform"
},
{
"status": "affected",
"version": "SSG2115P"
},
{
"status": "affected",
"version": "SSG2125P"
},
{
"status": "affected",
"version": "SXR1230P"
},
{
"status": "affected",
"version": "SXR2230P"
},
{
"status": "affected",
"version": "SXR2250P"
},
{
"status": "affected",
"version": "SXR2330P"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3620"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN7750"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while handling multuple IOCTL calls from userspace for remote invocation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T10:07:30.301Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html"
}
],
"title": "Use After Free in DSP Service"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2024-45580",
"datePublished": "2025-03-03T10:07:30.301Z",
"dateReserved": "2024-09-02T10:26:15.227Z",
"dateUpdated": "2025-03-05T04:55:13.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…