Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU
Jun 02, 2025
Spyware / Vulnerability
 Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild.  The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below -   CVE-2025-21479 and CVE-2025-21480  (CVSS score: 8.6) - Two incorrect authorization vulnerabilities in the Graphics component that could result in memory corruption due to unauthorized command execution in GPU microcode while executing a specific sequence of commands  CVE-2025-27038  (CVSS score: 7.5) - A use-after-free vulnerability in the Graphics component that could result in memory corruption while rendering graphics using Adreno GPU drivers in Chrome   "There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation," Qualcomm said  in an advisory.   "Patches for the issues affecting the Adreno Grap...