CVE-2025-27038
published 2025-06-03CVE-2025-27038: Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
PriorityP180high7.5CVSS 3.1
AVNACHPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2025-06-24
Exploited in the wild
EPSS
0.80%
52.0th percentile
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Affected
49 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| msrc | azl3_hyperv-daemons_6.6.22.1-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_hyperv-daemons_6.6.29.1-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2025-27038 is a use-after-free vulnerability in Qualcomm Adreno GPU drivers triggered specifically during graphics rendering in Chrome; monitor for Chrome renderer process crashes or memory corruption signals on Android devices with Qualcomm chipsets ↗
- →Google Threat Analysis Group (TAG) confirmed limited, targeted in-the-wild exploitation of CVE-2025-27038; treat any unexplained Adreno GPU driver crashes on Android devices as potentially indicative of active exploitation ↗
- →The Android Security Bulletin tracks this vulnerability under component 'Display' with Android reference A-418032173 and Qualcomm reference QC-CR#4080397; use these identifiers when querying OEM patch status or device management platforms ↗
- →CISA added CVE-2025-27038 to its Known Exploited Vulnerabilities catalog with a remediation due date of 2025-06-24; unpatched devices (below 2025-08-05 Android security patch level) should be flagged in asset inventory ↗
- →Patches were bundled in the Android 2025-08-05 security patch level; devices not yet at this patch level and running Qualcomm Adreno GPU chipsets should be prioritized for remediation and monitored for exploitation attempts ↗
- ·Patches were made available to OEMs in May 2025, but individual OEM deployment timelines vary; patch availability does not guarantee device-level remediation ↗
- ·The 2025-08-05 patch level fixes for closed-source third-party and kernel subcomponents (including this Qualcomm flaw) may not apply to all Android devices depending on hardware configuration ↗
- ·Google Pixel devices receive security updates immediately, but other vendors will often take longer to test and tweak them for their specific hardware configurations, leaving a window of exposure ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
vulncheck7.5HIGH
cisa7.5HIGH
vendor_msrc5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2025-27038: Display
vendor_android·2025-08-01·CVSS 7.5
CVE-2025-27038 [HIGH] CVE-2025-27038: Display
Android Security Bulletin 2025-08-01
CVE: CVE-2025-27038
Severity: HIGH
Component: Display
References: A-418032173
QC-CR#4080397
*
CISA
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
cisa·2025-06-03·CVSS 7.5
CVE-2025-27038 [HIGH] CWE-416 Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Vulnerability: Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Affected: Qualcomm Multiple Chipsets
Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-27038
Remediation Due Date: 2025-06-24
Microsoft
clk: Fix clk_core_get NULL dereference
vendor_msrc·2024-05-14·CVSS 5.5
CVE-2024-27038 [MEDIUM] CWE-476 clk: Fix clk_core_get NULL dereference
clk: Fix clk_core_get NULL dereference
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Linux: Linux
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en
GHSA
GHSA-h454-pc9h-rvh2: Memory corruption while rendering graphics using Adreno GPU drivers in Chrome
ghsa_unreviewed·2025-06-03
CVE-2025-27038 [HIGH] CWE-416 GHSA-h454-pc9h-rvh2: Memory corruption while rendering graphics using Adreno GPU drivers in Chrome
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
VulnCheck
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
vulncheck·2025·CVSS 7.5
CVE-2025-27038 [HIGH] CWE-416 Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Affected: Qualcomm Multiple Chipsets
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.loginsoft.com/reports/annually/vulnerabi
No detection rules found.
No public exploits indexed.
Mandiant
Look What You Made Us Patch: 2025 Zero-Days in Review
blogs_mandiant·2026-03-05
Look What You Made Us Patch: 2025 Zero-Days in Review
Threat Intelligence
# Look What You Made Us Patch: 2025 Zero-Days in Review
March 5, 2026
##### Google Threat Intelligence Group
##### Google Threat Intelligence
Visibility and context on the threats that matter most.
Contact Us & Get a Demo
Written by: Casey Charrier, James Sadowski, Zander Work, Clement Lecigne, Benoît Sevens, Fred Plan
### Executive Summary
Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities exploited in-the-wild in 2025. Although that volume of zero-days is lower than the record high observed in 2023 (100), it is higher than 2024’s count (78) and remained within the 60–100 range established over the previous four years, indicating a trend toward stabilization at these levels.
In 2025, we continued to observe the structural shift, first
Mandiant
Look What You Made Us Patch: 2025 Zero-Days in Review
blogs_mandiant·2026-03-05
Look What You Made Us Patch: 2025 Zero-Days in Review
## Look What You Made Us Patch: 2025 Zero-Days in Review
## Google Threat Intelligence Group
## Google Threat Intelligence
Visibility and context on the threats that matter most.
Written by: Casey Charrier, James Sadowski, Zander Work, Clement Lecigne, Benoît Sevens, Fred Plan
## Executive Summary
Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities exploited in-the-wild in 2025. Although that volume of zero-days is lower than the record high observed in 2023 (100), it is higher than 2024’s count (78) and remained within the 60–100 range established over the previous four years, indicating a trend toward stabilization at these levels.
In 2025, we continued to observe the structural shift, first identified in 2024, toward increased enterprise exploitation. Both
Bleepingcomputer
Android gets patches for Qualcomm flaws exploited in attacks
blogs_bleepingcomputer·2025-08-05·CVSS 7.8
CVE-2025-21479 [HIGH] Android gets patches for Qualcomm flaws exploited in attacks
## Android gets patches for Qualcomm flaws exploited in attacks
## Sergiu Gatlan
Google has now integrated the patches announced by Qualcomm in June , when the wireless tech giant warned that "There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation."
"Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as possible," Qualcomm said.
CISA has also added the two security bugs to its catalog of actively exploited vulnerabilities on June 3rd, ordering federal agencies to secure their devices against ongoing attacks by June 24.
With this month
Checkpoint
9th June – Threat Intelligence Report
blogs_checkpoint·2025-06-09
CVE-2025-49113 9th June – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 9th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 9th June, please download our Threat Intelligence Bulletin .
TOP ATTACKS AND BREACHES
American tax company, Optima Tax Relief, has disclosed a ransomware attack that resulted in the theft of 69GB of sensitive data, including corporate records and customer case files containing personal information such as Social Security numbers, phone numbers, and home addresses. The attack impacted the company’s servers in a dou
Bleepingcomputer
Qualcomm fixes three Adreno GPU zero-days exploited in attacks
blogs_bleepingcomputer·2025-06-02·CVSS 7.8
CVE-2025-21479 [HIGH] Qualcomm fixes three Adreno GPU zero-days exploited in attacks
## Qualcomm fixes three Adreno GPU zero-days exploited in attacks
## Sergiu Gatlan
Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks.
The company says two critical flaws (tracked as CVE-2025-21479 and CVE-2025-21480 ) were reported through the Google Android Security team in late January, and a third high-severity vulnerability ( CVE-2025-27038 ) was reported in March.
The first two are both Graphics framework incorrect authorization weaknesses that can lead to memory corruption because of unauthorized command execution in the GPU micronode while executing a specific sequence of commands, while CVE-2025-27038 is a use-after-free causi
2025-06-03
Published
2025-06-03
Added to CISA KEV
Exploited in the wild