CVE-2025-27038 — Qualcomm Multiple Chipsets Use-After-Free Vulnerability

2025-06-03 • CISA Known Exploited Vulnerability

[event] Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

> AFFECTED SOFTWARE

Field	Value
Vendor	Qualcomm
Product	Multiple Chipsets
CWE	CWE-416
CVE ID	CVE-2025-27038
Date Added	2025-06-03
Due Date	2025-06-24
Ransomware Campaign	Unknown

> MITIGATION

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due Date: 2025-06-24

> REFERENCES

[1] https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bul...
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-27038