CVE-2025-21468 — Out-of-bounds Write in INC Snapdragon

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 79.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qualcomm INC Snapdragon Google Android

Timeline

PublishedMay 6

Description

Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶googlegoogle/android

▶CVEListV5qualcomm_inc/snapdragon152 versions+151

Patches

Patch: docs.qualcomm.com ↗

🔴Vulnerability Details

GHSA

GHSA-rjf5-465j-64g2: Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end↗2025-05-06

▶

📋Vendor Advisories

Android

CVE-2025-21468: Camera↗2025-05-01

▶