Original Article Text


Qualcomm fixes three Adreno GPU zero-days exploited in attacks

Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks.

The company says two critical flaws (tracked as CVE-2025-21479 and CVE-2025-21480) were reported through the Google Android Security team in late January, and a third high-severity vulnerability (CVE-2025-27038) was reported in March.

The first two are both Graphics framework incorrect authorization weaknesses that can lead to memory corruption because of unauthorized command execution in the GPU micronode while executing a specific sequence of commands, while CVE-2025-27038 is a use-after-free causing memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

"There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation," Qualcomm warned in a Monday advisory.

"Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as possible."

This month, Qualcomm has also addressed a buffer over-read in Data Network Stack & Connectivity (CVE-2024-53026) that unauthenticated attackers can exploit to gain access to restricted information using invalid RTCP packets sent during VoLTE/VoWiFi IMS calls.

In October, the company fixed another zero-day (CVE-2024-43047) that the Serbian Security Information Agency (BIA) and the Serbian police exploited to unlock seized Android devices belonging to activists, journalists, and protestors using Cellebrite's data extraction software.

While investigating the attacks, Google's Threat Analysis Group (TAG) found evidence suggesting that devices were also infected with NoviSpy spyware using an exploit chain to circumvent Android's security mechanisms and install itself persistently at the kernel level.

One year earlier, Qualcomm also warned that threat actors were exploiting three more zero-day vulnerabilities in its GPU and Compute DSP drivers.

In recent years, the company has patched various other chipset security flaws that could let attackers access users' text messages, call history, media files, and real-time conversations.

Daily Brief Summary

CYBERCRIME // Qualcomm Releases Patches for Multiple Exploited Zero-Days

Qualcomm patched three zero-day vulnerabilities in the Adreno GPU driver that affect dozens of chipsets and are being exploited in targeted attacks.

Two critical flaws and one high-severity vulnerability were identified, causing potential memory corruption due to improper command execution and use-after-free issues.

The two critical flaws were reported through the Google Android Security team, and indications from Google Threat Analysis Group suggest all three may be under limited, targeted exploitation.

Alongside GPU issues, Qualcomm also fixed a buffer over-read vulnerability in its Data Network Stack & Connectivity that could expose sensitive information.

In a related incident, it was discovered that a previously fixed zero-day was exploited by Serbian authorities to unlock devices of activists and journalists, where NoviSpy spyware was subsequently installed.

Qualcomm has consistently addressed various security flaws in its chipsets over the years to prevent attackers from accessing private data and system controls.

Qualcomm strongly encourages OEMs to deploy the patches promptly to mitigate the exploitation risks.