Memory Corruption Risk in Qualcomm Products During Simultaneous IOCTL Calls
CVE-2025-21436

7.8HIGH

Key Information:

Vendor: Qualcomm
Status: Snapdragon
Vendor: CVE Published:; 7 April 2025

Summary

A vulnerability has been identified that allows memory corruption to occur when two IOCTL calls are executed simultaneously across different threads. This situation can lead to unexpected behaviors or the creation of processes in an unsafe manner, potentially compromising the integrity and security of the system. Affected users and developers are advised to review Qualcomm's security updates to mitigate this vulnerability effectively.

Affected Version(s)

Snapdragon Snapdragon Compute FastConnect 7800

Snapdragon Snapdragon Compute QMP1000

Snapdragon Snapdragon Compute SM8735

References

https://docs.qualcomm.com/product/publicresources/securit...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 7, 2025
Vulnerability Reserved
Dec 18, 2024