CVE-2025-21458

nvd nist

Published: Aug 6, 2025Modified: Aug 19, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: product-security@qualcomm.com (Secondary)

Description

Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.

Affected (24)

Products: Qualcomm: Fastconnect 6900 Firmware, Qam8255p Firmware, Qam8650p Firmware, Qam8775p Firmware, Qca6174a Firmware, Qca6698aq Firmware, Qca6797aq Firmware, Sa7255p Firmware, Sa7775p Firmware, Sa8255p Firmware, Sa8620p Firmware, Sa8650p Firmware, Sa8775p Firmware, Sa9000p Firmware, Snapdragon 888 5g Mobile Platform Firmware, Snapdragon 888+ 5g Mobile Platform (sm8350 Ac) Firmware, Sw5100 Firmware, Sw5100p Firmware, Wcd9380 Firmware, Wcd9385 Firmware, Wcn3980 Firmware, Wcn3988 Firmware, Wsa8830 Firmware, Wsa8835 Firmware

Qualcomm

24 products

Fastconnect 6900 Firmware

Snapdragon 888 5g Mobile Platform Firmware

Snapdragon 888+ 5g Mobile Platform (sm8350 Ac) Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Fastconnect 6900 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Fastconnect 6900	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qam8255p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qam8255p	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qam8650p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qam8650p	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qam8775p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qam8775p	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6174a Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6174a	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6698aq Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6698aq	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6797aq Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6797aq	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa7255p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa7255p	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa7775p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa7775p	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa8255p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa8255p	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa8620p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa8620p	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa8650p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa8650p	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa8775p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa8775p	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa9000p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa9000p	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 888 5g Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 888 5g Mobile Platform	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 888+ 5g Mobile Platform (sm8350 Ac) Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 888+ 5g Mobile Platform (sm8350 Ac)	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sw5100 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sw5100	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sw5100p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sw5100p	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9380 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9380	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9385 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9385	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3980 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3980	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3988 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3988	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8830 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8830	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8835 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8835	All versions

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (1)

https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2025-bulletin.html

Source: product-security@qualcomm.com

PatchVendor Advisory

Timeline

No history available yet.