{"id":3476,"date":"2025-06-02T18:45:58","date_gmt":"2025-06-02T17:45:58","guid":{"rendered":"https:\/\/aegislens.com\/home\/?p=3476"},"modified":"2025-06-02T18:45:58","modified_gmt":"2025-06-02T17:45:58","slug":"qualcomm-addresses-triple-zero-day-vulnerabilities-targeting-android-devices-through-adreno-gpu","status":"publish","type":"post","link":"https:\/\/aegislens.com\/home\/qualcomm-addresses-triple-zero-day-vulnerabilities-targeting-android-devices-through-adreno-gpu\/","title":{"rendered":"Qualcomm Addresses Triple Zero-Day Vulnerabilities Targeting Android Devices through Adreno GPU"},"content":{"rendered":"

Driver within Adreno GPU.<\/p>\n

CVE-2025-21481 (CVSS score: 9.8) – A use-after-free flaw located in the Direct Rendering Manager (DRM) Driver of Graphics in Adreno GPU.<\/p>\n

<\/p>\n

Chipset manufacturer Qualcomm has recently issued security patches to fix three zero-day vulnerabilities within its Adreno Graphics Processing Unit (GPU).<\/p>\n

These vulnerabilities, identified as CVE-2025-21479, CVE-2025-21480, and CVE-2025-21481, have been exploited in what the company describes as limited, targeted attacks.<\/p>\n

The updates were shipped following the responsible disclosure of these vulnerabilities by Google’s Android Security team.<\/p>\n

The two incorrect authorization vulnerabilities, CVE-2025-21479 and CVE-2025-21480, which hold a CVSS (Common Vulnerability Scoring System) severity score of 8.6, were found in the Graphics Driver component of the Adreno GPU.<\/p>\n

They could potentially allow attackers to execute code within the context of the Kernel, leading to leaks of confidential system information or causing system crashes as a result of a Denial of Service attack.<\/p>\n

More seriously, CVE-2025-21481, with a CVSS score of 9.8, is a use-after-free flaw located in the DRM Driver of Graphics in the Adreno GPU.<\/p>\n

This vulnerability can enable malevolent individuals to execute harmful code, potentially resulting in remote code execution or information leaks, affording the attacker unrestricted access to compromise the confidentiality, integrity, and availability of the exploited system.<\/p>\n

These vulnerabilities pose a serious threat to mobile devices as Qualcomm’s Adreno GPU is used in a majority of Android devices, including premium smartphone models from giants such as Samsung, LG, and Sony.<\/p>\n

It is thus imperative that users and enterprises apply the issued patches as quickly as possible in order to safeguard system security and data integrity.<\/p>\n

Qualcomm expressed gratitude towards the Google Android Security team for their responsible and timely reporting of these issues.<\/p>\n

The company further outlined that users should always ensure that their software versions are up-to-date.<\/p>\n

As a good cybersecurity practice, keeping all software and systems updated allows users to benefit from the latest security enhancements.<\/p>\n

Follow-Up Reading:<\/h2>\n