CVE-2025-27050

Q: What is the severity of CVE-2025-27050?

CVE-2025-27050 has a CVSS score of 7.8 (HIGH). This CVE describes a use-after-free vulnerability (CWE-416) in Qualcomm components where abrupt client process termination during event handling causes memory corruption. Attackers could potentially execute arbitrary code or cause denial of service. Affects systems using vulnerable Qualcomm hardware/drivers.

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability (CWE-416) in Qualcomm components where abrupt client process termination during event handling causes memory corruption. Attackers could potentially execute arbitrary code or cause denial of service. Affects systems using vulnerable Qualcomm hardware/drivers.

💻 Affected Systems

Products:

Qualcomm chipsets and associated drivers/firmware

Versions: Specific versions not detailed in reference; check Qualcomm advisory for affected products

Operating Systems: Android, Linux-based systems using Qualcomm components

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with Qualcomm hardware where the vulnerable driver/component is loaded

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete system compromise

🟠

Likely Case

Local privilege escalation or denial of service through system crash

🟢

If Mitigated

Limited to denial of service if exploit fails or system has additional protections

🌐 Internet-Facing: MEDIUM - Requires specific conditions but could be exploited remotely if vulnerable service is exposed

🏢 Internal Only: HIGH - Local attackers or malicious processes could exploit this for privilege escalation

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to trigger abrupt process termination during specific event handling

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm July 2025 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset/driver versions. 2. Obtain updated firmware/drivers from device manufacturer. 3. Apply patches following manufacturer instructions. 4. Reboot system.

🔧 Temporary Workarounds

Restrict process termination capabilities

linux

Limit which users/processes can terminate other processes to reduce attack surface

# Use SELinux/AppArmor to restrict process signaling capabilities
# Review and harden process permission models

🧯 If You Can't Patch

Implement strict process isolation and privilege separation
Monitor for abnormal process termination patterns and system crashes

🔍 How to Verify

Check if Vulnerable:

Check Qualcomm chipset/driver version against affected list in July 2025 bulletin

Check Version:

# For Android: getprop | grep -i qualcomm
# For Linux: modinfo <qualcomm_driver_module> | grep version

Verify Fix Applied:

Verify updated Qualcomm driver/firmware version is installed post-patch

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Driver crash dumps
Abnormal process termination events

Network Indicators:

None - this is a local memory corruption vulnerability

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "segfault") AND process_name="*qualcomm*"

📊 Metadata

CVE ID: CVE-2025-27050

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.02% exploit probability (4.1th percentile)

Published: July 8, 2025

Last Updated: August 11, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Aqt1000 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Sc7180 Ac Firmware by Qualcomm

Sc7180 Ad Firmware by Qualcomm

Sc8180x Aaab Firmware by Qualcomm

Sc8180x Acaf Firmware by Qualcomm

Sc8180x Ad Firmware by Qualcomm

Sc8180x\+sdx55 Firmware by Qualcomm

Sc8180xp Aaab Firmware by Qualcomm

Sc8180xp Acaf Firmware by Qualcomm

Sc8180xp Ad Firmware by Qualcomm

Sc8280xp Abbb Firmware by Qualcomm

Sc8380xp Firmware by Qualcomm

Sm6250 Firmware by Qualcomm

Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm

Video Collaboration Vc3 Platform Firmware by Qualcomm

Wcd9340 Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm

Wsa8840 Firmware by Qualcomm

Wsa8845 Firmware by Qualcomm

Wsa8845h Firmware by Qualcomm