1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Qualcomm finally patches Adreno GPU zero-day flaws used in Androi

    From TechnologyDaily@1337:1/100 to All on Tuesday, June 03, 2025 16:15:08
    Qualcomm finally patches Adreno GPU zero-day flaws used in Android attacks

    Date:
    Tue, 03 Jun 2025 15:04:00 +0000

    Description:
    Qualcomm warns OEMs now need to apply the fix in their devices.

    FULL STORY ======================================================================Qualcomm
    has addressed three zero-days abused since January 2025 The patches must now be applied by OEMs No details about in-the-wild abuse, but users should still be on guard

    Qualcomm has finally patched three Adreno GPU zero-day vulnerabilities that were being abused in the wild.

    According to the June 2025 Android Security Bulletin, the chipmaker has now fixed CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038.

    The first two are incorrect authorization flaws in the Graphics component. They were given a severity score of 8.6/10 (high), and could trigger memory corruption. They were first observed in January 2025. The third bug is a use-after-free vulnerability in the Graphics component that also leads to memory corruption. This one was given a lower severity score - 7.5/10.
    Payment information intact

    "There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation," Qualcomm explained .

    "Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as possible."

    Now, its up to different device manufacturers, such as Samsung, Google OnePlus, or Xiaomi, to apply these patches in their products.

    The affected devices span a wide range of Qualcomm chipsets, including flagship models like the Snapdragon 8 Gen 2 and Gen 3, as well as midrange
    and budget platforms such as the Snapdragon 695, 778G, and 4 Gen 1/2.

    There are currently no details on who abused these flaws, against whom, and
    to what end, however similar vulnerabilities were seen used in the past in spyware campaigns such as Variston and Cy4Gate.

    A separate Qualcomm bug (CVE-2024-43047) was used by Serbian secret service agency, BIA, in December 2024, to unlock Android devices seized from journalists, activists, and protestors, the same source claims.

    Via The Hacker News You might also like Qualcomm releases raft of security patches, urges users to fix now Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/qualcomm-finally-patches-adreno-gpu-zer o-day-flaws-used-in-android-attacks


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)