Qualcomm has launched safety patches for 3 zero-day vulnerabilities within the Adreno Graphics Processing Unit (GPU) driver that impression dozens of chipsets and are actively exploited in focused assaults.
The corporate says two important flaws (tracked as CVE-2025-21479 and CVE-2025-21480) had been reported by means of the Google Android Safety workforce in late January, and a 3rd high-severity vulnerability (CVE-2025-27038) was reported in March.
The primary two are each Graphics framework incorrect authorization weaknesses that may result in reminiscence corruption due to unauthorized command execution within the GPU micronode whereas executing a selected sequence of instructions, whereas CVE-2025-27038 is a use-after-free inflicting reminiscence corruption whereas rendering graphics utilizing Adreno GPU drivers in Chrome.
“There are indications from Google Menace Evaluation Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 could also be underneath restricted, focused exploitation,” Qualcomm warned in a Monday advisory.
“Patches for the problems affecting the Adreno Graphics Processing Unit (GPU) driver have been made obtainable to OEMs in Might along with a powerful advice to deploy the replace on affected gadgets as quickly as potential.”
This month, Qualcomm has additionally addressed a buffer over-read in Knowledge Community Stack & Connectivity (CVE-2024-53026) that unauthenticated attackers can exploit to achieve entry to restricted data utilizing invalid RTCP packets despatched throughout a VoLTE/VoWiFi IMS calls.
In October, the corporate mounted one other zero-day (CVE-2024-43047) that the Serbian Safety Info Company (BIA) and the Serbian police exploited to unlock seized Android gadgets belonging to activists, journalists, and protestors utilizing Cellebrite’s information extraction software program.
Whereas investigating the assaults, Google’s Menace Evaluation Group (TAG) discovered proof suggesting that gadgets had been additionally contaminated with NoviSpy spyware and adware utilizing an exploit chain to bypass Android’s safety mechanisms and set up itself persistently on the kernel stage.
One 12 months earlier, Qualcomm additionally warned that menace actors had been exploiting three extra zero-day vulnerabilities in its GPU and Compute DSP drivers.
In recent times, the corporate has patched numerous different chipset safety flaws that would let attackers entry customers’ textual content messages, name historical past, media information, and real-time conversations.
Handbook patching is outdated. It is gradual, error-prone, and hard to scale.
Be part of Kandji + Tines on June 4 to see why previous strategies fall quick. See real-world examples of how fashionable groups use automation to patch quicker, minimize threat, keep compliant, and skip the advanced scripts.
