Chrome Adreno GPU Driver Memory Corruption in Rendering
CVE-2025-27038 Published on June 3, 2025
Use After Free in Graphics
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Known Exploited Vulnerability
This Qualcomm Multiple Chipsets Use-After-Free Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
The following remediation steps are recommended / required by June 24, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2025-27038 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2025-27038 has been classified to as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2025-27038
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-27038 are published in these products:
Affected Versions
Qualcomm, Inc. Snapdragon:- Version AR8031 is affected.
- Version CSRA6620 is affected.
- Version CSRA6640 is affected.
- Version FastConnect 7800 is affected.
- Version QCA2066 is affected.
- Version QCA6391 is affected.
- Version QCM6125 is affected.
- Version QCM8550 is affected.
- Version QCN9011 is affected.
- Version QCN9012 is affected.
- Version QCS6125 is affected.
- Version QCS8550 is affected.
- Version Qualcommr Video Collaboration VC1 Platform is affected.
- Version SM6475 is affected.
- Version SM6650 is affected.
- Version SM6650P is affected.
- Version SM7435 is affected.
- Version SM7635 is affected.
- Version SM7635P is affected.
- Version Smart Audio 400 Platform is affected.
- Version Snapdragon 4 Gen 2 Mobile Platform is affected.
- Version Snapdragon 6 Gen 1 Mobile Platform is affected.
- Version Snapdragon 680 4G Mobile Platform is affected.
- Version Snapdragon 685 4G Mobile Platform (SM6225-AD) is affected.
- Version Snapdragon W5+ Gen 1 Wearable Platform is affected.
- Version SW5100 is affected.
- Version SW5100P is affected.
- Version WCD9335 is affected.
- Version WCD9370 is affected.
- Version WCD9375 is affected.
- Version WCD9378 is affected.
- Version WCD9385 is affected.
- Version WCD9395 is affected.
- Version WCN3950 is affected.
- Version WCN3980 is affected.
- Version WCN3988 is affected.
- Version WCN6650 is affected.
- Version WCN6740 is affected.
- Version WCN6755 is affected.
- Version WSA8810 is affected.
- Version WSA8815 is affected.
- Version WSA8830 is affected.
- Version WSA8832 is affected.
- Version WSA8835 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.