CVE-2025-27038
published 2025-06-03

CVE-2025-27038: Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

Priority: P1 · 80 · high
CVSS 3.1: 7.5
Vector: AV:N / AC:H / PR:N / UI:R / S:U / C:H / I:H / A:H
Flags: KEV · ITW
CISA Known Exploited Vulnerability, due 2025-06-24
Exploited in the wild
EPSS: 0.80% (52.0th percentile)

Affected

49 ranges · showing 25

Vendor | Product | Version range | Fixed in
google | android | |
msrc | azl3_hyperv-daemons_6.6.22.1-2_on_azure_linux_3.0 | |
msrc | azl3_hyperv-daemons_6.6.29.1-1_on_azure_linux_3.0 | |
msrc | azure_linux_3.0_arm | |
msrc | azure_linux_3.0_x64 | |
qualcomm_inc | snapdragon (20 ranges) | |

Detection & IOCs (extracted from sources)

  • CVE-2025-27038 is a use-after-free vulnerability in Qualcomm Adreno GPU drivers triggered specifically during graphics rendering in Chrome; monitor for Chrome renderer process crashes or memory corruption signals on Android devices with Qualcomm chipsets
  • Google Threat Analysis Group (TAG) confirmed limited, targeted in-the-wild exploitation of CVE-2025-27038; treat any unexplained Adreno GPU driver crashes on Android devices as potentially indicative of active exploitation
  • The Android Security Bulletin tracks this vulnerability under component 'Display' with Android reference A-418032173 and Qualcomm reference QC-CR#4080397; use these identifiers when querying OEM patch status or device management platforms
  • CISA added CVE-2025-27038 to its Known Exploited Vulnerabilities catalog with a remediation due date of 2025-06-24; unpatched devices (below 2025-08-05 Android security patch level) should be flagged in asset inventory
  • Patches were bundled in the Android 2025-08-05 security patch level; devices not yet at this patch level and running Qualcomm Adreno GPU chipsets should be prioritized for remediation and monitored for exploitation attempts
  • Patches were made available to OEMs in May 2025, but individual OEM deployment timelines vary; patch availability does not guarantee device-level remediation
  • The 2025-08-05 patch level fixes for closed-source third-party and kernel subcomponents (including this Qualcomm flaw) may not apply to all Android devices depending on hardware configuration
  • Google Pixel devices receive security updates immediately, but other vendors will often take longer to test and tweak them for their specific hardware configurations, leaving a window of exposure

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
vulncheck | | 7.5 | HIGH |
cisa | | 7.5 | HIGH |
vendor_msrc | | 5.5 | MEDIUM |