Recently, Qualcomm released its June 2025 Security Bulletin, revealing a series of serious vulnerabilities found across many of its chipsets and drivers. While some of these issues are targeted and may not affect every user directly, they underscore the importance of keeping devices updated to protect against potential exploits.
These issues impact a broad range of Qualcomm chips, including some of the Snapdragon series chips and several Qualcomm wireless and connectivity modules such as the QCA and QCN series.
The security update details multiple high-severity vulnerabilities affecting Qualcomm’s proprietary drivers, open-source components, and connectivity modules. Among the most critical are flaws in the Adreno GPU drivers, which could allow malicious actors to execute unauthorized commands, potentially leading to privilege escalation or system instability.
Two of the vulnerabilities, tracked as CVE-2025-21479 and CVE-2025-21480, relate to memory corruption caused by incorrect authorization in the GPU micronode.
Another vulnerability, CVE-2025-27038, involves a use-after-free bug in the Adreno GPU driver that could impact Chrome rendering, risking memory corruption during graphics processing.
The bulletin also highlights network-related flaws like CVE-2024-53026, which involves buffer over-reads in the data network stack that could enable attackers to crash devices or leak information during VoLTE and Wi-Fi sessions. This affects chipsets including Snapdragon 8 series, QCA Wi-Fi modules, and others.
Bluetooth and audio drivers are also affected. CVE-2025-27031, for instance, is a use-after-free issue in Bluetooth, which might cause system crashes or privilege escalation, and CVE-2024-53013 affects memory handling during voice call registration.
Chipsets Affected
The vulnerabilities impact a wide range of devices powered by Qualcomm chips. Some of the key affected families include:
- Snapdragon 8 Gen 1, 8 Gen 2, and 8 Gen 3 series
- Snapdragon 7c+ Gen 3 and Snapdragon 6 series
- Snapdragon 4 series, including Snapdragon 480 and 460
- Qualcomm QCA and QCN series used in Wi-Fi and cellular modules
- WCN series Bluetooth and Wi-Fi modules
Not all devices are affected equally, and the impact depends on the specific chipset and driver versions. Qualcomm has already shared patches with device manufacturers, but users should ensure their devices are updated to the latest firmware.
While most consumers might not notice these vulnerabilities directly, they highlight the ongoing importance of security updates. Exploiting such flaws could potentially allow hackers to crash devices, access sensitive information, or even take control of affected hardware.
The bulletin underscores that device manufacturers and carriers need to act quickly—deploying the patches provided—to close these security gaps and protect users.
Qualcomm’s latest security bulletin reminds us that security threats are constantly evolving, and even the most advanced chips aren’t immune. Regularly updating your device’s firmware remains the best way to stay safe. If you’re unsure whether your device is protected, check with your manufacturer or service provider.
Review the full Qualcomm Security Bulletin iwhich includes more information including specific CVEs, affected chipsets and links to patches.
Leave a Reply