CVE-2025-21438

Q: What is the severity of CVE-2025-21438?

CVE-2025-21438 has a CVSS score of 7.8 (HIGH). This vulnerability allows memory corruption when a user-space application makes a specific IOCTL call to read board data on Qualcomm chipsets. Attackers could potentially execute arbitrary code or cause system crashes. This affects devices using vulnerable Qualcomm hardware components.

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption when a user-space application makes a specific IOCTL call to read board data on Qualcomm chipsets. Attackers could potentially execute arbitrary code or cause system crashes. This affects devices using vulnerable Qualcomm hardware components.

💻 Affected Systems

Products:

Qualcomm chipsets with vulnerable drivers

Versions: Specific versions not detailed in reference; affected by April 2025 security bulletin

Operating Systems: Android, Linux-based systems using Qualcomm drivers

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with Qualcomm hardware where the vulnerable driver is loaded and accessible from user-space.

📦 What is this software?

Snapdragon 7c Gen 2 Compute Platform \(sc7180 Ad\) \"rennell Pro\" Firmware by Qualcomm

View all CVEs affecting Snapdragon 7c Gen 2 Compute Platform \(sc7180 Ad\) \"rennell Pro\" Firmware →

Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm

View all CVEs affecting Snapdragon 7c\+ Gen 3 Compute Firmware →

Snapdragon 8c Compute Platform \(sc8180x Ad\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8c Compute Platform \(sc8180x Ad\) Firmware →

Snapdragon 8c Compute Platform \(sc8180xp Ad\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8c Compute Platform \(sc8180xp Ad\) Firmware →

Snapdragon 8cx Compute Platform \(sc8180x Aa\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Compute Platform \(sc8180x Aa\) Firmware →

Snapdragon 8cx Compute Platform \(sc8180x Ab\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Compute Platform \(sc8180x Ab\) Firmware →

Snapdragon 8cx Compute Platform \(sc8180xp Ac\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Compute Platform \(sc8180xp Ac\) Firmware →

Snapdragon 8cx Compute Platform \(sc8180xp Af\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Compute Platform \(sc8180xp Af\) Firmware →

Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180x Ac\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180x Ac\) Firmware →

Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180x Af\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180x Af\) Firmware →

Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180xp Aa\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180xp Aa\) Firmware →

Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180xp Ab\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180xp Ab\) Firmware →

Snapdragon 8cx Gen 3 Compute Platform \(sc8280xp Ab\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Gen 3 Compute Platform \(sc8280xp Ab\) Firmware →

Snapdragon 8cx Gen 3 Compute Platform \(sc8280xp Bb\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Gen 3 Compute Platform \(sc8280xp Bb\) Firmware →

Video Collaboration Vc3 Platform Firmware by Qualcomm

View all CVEs affecting Video Collaboration Vc3 Platform Firmware →

Wcd9370 Firmware by Qualcomm

View all CVEs affecting Wcd9370 Firmware →

Wcd9375 Firmware by Qualcomm

View all CVEs affecting Wcd9375 Firmware →

Wcd9380 Firmware by Qualcomm

View all CVEs affecting Wcd9380 Firmware →

Wcd9385 Firmware by Qualcomm

View all CVEs affecting Wcd9385 Firmware →

Wsa8830 Firmware by Qualcomm

View all CVEs affecting Wsa8830 Firmware →

Wsa8835 Firmware by Qualcomm

View all CVEs affecting Wsa8835 Firmware →

Wsa8840 Firmware by Qualcomm

View all CVEs affecting Wsa8840 Firmware →

Wsa8845 Firmware by Qualcomm

View all CVEs affecting Wsa8845 Firmware →

Wsa8845h Firmware by Qualcomm

View all CVEs affecting Wsa8845h Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level access, allowing complete system compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Local denial of service (system crash/reboot) or limited information disclosure from kernel memory.

🟢

If Mitigated

Limited impact if proper access controls restrict user-space applications from making the vulnerable IOCTL calls.

🌐 Internet-Facing: LOW - Requires local access to the system; not directly exploitable over network.

🏢 Internal Only: MEDIUM - Local attackers or malicious applications could exploit this vulnerability on affected devices.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to make specific IOCTL calls; exploitation depends on driver accessibility and memory layout.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches included in Qualcomm April 2025 security bulletin

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for specific chipset patches. 2. Obtain updated firmware/drivers from device manufacturer. 3. Apply patches according to manufacturer instructions. 4. Reboot system to load patched drivers.

🔧 Temporary Workarounds

Restrict IOCTL access

linux

Use SELinux/AppArmor policies to restrict user-space applications from accessing the vulnerable driver IOCTL interface.

# Example SELinux policy modification (consult specific policy for exact commands)

Driver blacklisting

linux

Prevent loading of the vulnerable driver if not required for system functionality.

echo 'blacklist vulnerable_driver_module' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

Implement strict application sandboxing to limit which processes can make kernel IOCTL calls
Monitor for unusual driver access patterns or crash reports related to the affected driver

🔍 How to Verify

Check if Vulnerable:

Check Qualcomm chipset version and driver versions against April 2025 security bulletin; examine loaded kernel modules for vulnerable drivers.

Check Version:

cat /proc/cpuinfo | grep -i qualcomm && lsmod | grep -i qualcomm

Verify Fix Applied:

Verify driver version has been updated post-patch; check that April 2025 security patches are applied to Qualcomm components.

📡 Detection & Monitoring

Log Indicators:

Kernel panic or oops messages related to Qualcomm drivers
Audit logs showing unusual IOCTL calls to driver interfaces

Network Indicators:

Not applicable - local exploitation only

SIEM Query:

source="kernel" AND ("panic" OR "oops") AND "qualcomm" OR source="audit" AND "ioctl" AND driver_name

📊 Metadata

CVE ID: CVE-2025-21438

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-125

EPSS Score: 0.07% exploit probability (20.9th percentile)

Published: April 7, 2025

Last Updated: October 3, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qca6164 Firmware by Qualcomm

Qca6174 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn7605 Firmware by Qualcomm

Qcn7606 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Sc8180x\+sdx55 Firmware by Qualcomm

Sc8380xp Firmware by Qualcomm

Sm6250 Firmware by Qualcomm

Snapdragon 7c Compute Platform \(sc7180 Ac\) Firmware by Qualcomm