- Qualcomm has abused three days zero since January 2025
- The fixes must now be applied by the OEM
- No details on the abuses in the jumps, but users should always be on the guard
Qualcomm finally corrected three vulnerabilities of zero adreno gpu which have been abused in the wild.
According to the Android security bulletin of June 2025, the flea manufacturer has now set the CVE-2025-21479, CVE-2025-21480 and CVE-2025-27038.
The first two are incorrect authorization defects in the graphic component. They received a severity score of 8.6 / 10 (high) and were able to trigger the corruption of memory. They were observed for the first time in January 2025. The third bug is an unusual vulnerability in the graphic component which also leads to the corruption of memory. He received a lower severity score – 7.5 / 10.
Intact payment information
“There are indications of the Google Threat analysis group that CVE-20125-21479, CVE-2025-21480, CVE-2025-27038 can be under a limited and targeted exploitation,” explained Qualcomm.
“Corrections for problems affecting the Adreno graphics processing unit pilot (GPU) were made available to OEMs in May with a high recommendation to deploy the update on assigned devices as soon as possible.”
Now, it is to different manufacturers of devices, such as Samsung, Google OnePlus or Xiaomi, to apply these fixes in their products.
Affected devices cover a wide range of Qualcomm chipsets, including flagship models such as Snapdragon 8 Gen 2 and Gen 3 platforms, as well as mid-range and budgetary platforms such as Snapdragon 695, 778G and 4 Gen 1/2.
There is currently no details on which has abused these faults, against whom, and at what end, whatever the similar vulnerabilities, vulnerabilities have been used in the past in Spyware campaigns such as Variston and Cy4gate.
A distinct Qualcomm bug (CVE-2024-43047) was used by the Serbian Service Agency, BIA, in December 2024, to unlock the Android devices seized by journalists, activists and demonstrators, according to the same source.
Via The Hacker News
