Use After Free in Camera Driver_CVE-2025-27037

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers.

Basic Information

ID CVE-2025-27037

Source qualcomm

Published Sep 24, 2025 at 15:33

Affected Product

Vendor Qualcomm, Inc.

Product Snapdragon

Version FastConnect 6800

Affected Versions Qualcomm, Inc. Snapdragon FastConnect 6800
Qualcomm, Inc. Snapdragon FastConnect 6900
Qualcomm, Inc. Snapdragon FastConnect 7800
Qualcomm, Inc. Snapdragon QAM8295P
Qualcomm, Inc. Snapdragon QCA6391
Qualcomm, Inc. Snapdragon QCA6426
Qualcomm, Inc. Snapdragon QCA6436
Qualcomm, Inc. Snapdragon QCA6574AU
Qualcomm, Inc. Snapdragon QCA6696
Qualcomm, Inc. Snapdragon QCN9074
Qualcomm, Inc. Snapdragon SA6145P
Qualcomm, Inc. Snapdragon SA6150P
Qualcomm, Inc. Snapdragon SA6155P
Qualcomm, Inc. Snapdragon SA8145P
Qualcomm, Inc. Snapdragon SA8150P
Qualcomm, Inc. Snapdragon SA8155P
Qualcomm, Inc. Snapdragon SA8195P
Qualcomm, Inc. Snapdragon SA8295P
Qualcomm, Inc. Snapdragon SD865 5G
Qualcomm, Inc. Snapdragon Snapdragon 8 Gen 1 Mobile Platform
Qualcomm, Inc. Snapdragon Snapdragon 865 5G Mobile Platform
Qualcomm, Inc. Snapdragon Snapdragon 865+ 5G Mobile Platform (SM8250-AB)
Qualcomm, Inc. Snapdragon Snapdragon 870 5G Mobile Platform (SM8250-AC)
Qualcomm, Inc. Snapdragon Snapdragon X55 5G Modem-RF System
Qualcomm, Inc. Snapdragon Snapdragon XR2 5G Platform
Qualcomm, Inc. Snapdragon SW5100
Qualcomm, Inc. Snapdragon SW5100P
Qualcomm, Inc. Snapdragon SXR2130
Qualcomm, Inc. Snapdragon WCD9380
Qualcomm, Inc. Snapdragon WCN3660B
Qualcomm, Inc. Snapdragon WCN3680B
Qualcomm, Inc. Snapdragon WCN3980
Qualcomm, Inc. Snapdragon WCN3988
Qualcomm, Inc. Snapdragon WSA8810
Qualcomm, Inc. Snapdragon WSA8815
Qualcomm, Inc. Snapdragon WSA8830
Qualcomm, Inc. Snapdragon WSA8835

CWE Classification

CWE-416

References

docs.qualcomm.com /product/publicresources/securitybulletin/september-2025-bulletin.html

{
    "lastseen": "",
    "description": "Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers.",
    "published": "2025-09-24T15:33:43.572Z",
    "modified": "2025-09-24T15:33:43.572Z",
    "type": "cve",
    "title": "Use After Free in Camera Driver",
    "source": "qualcomm",
    "references": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html",
    "id": "CVE-2025-27037",
    "bulletinFamily": "",
    "cwe": [
        "CWE-416"
    ],
    "cvelist": null,
    "sourceData": "Qualcomm, Inc. Snapdragon FastConnect 6800\nQualcomm, Inc. Snapdragon FastConnect 6900\nQualcomm, Inc. Snapdragon FastConnect 7800\nQualcomm, Inc. Snapdragon QAM8295P\nQualcomm, Inc. Snapdragon QCA6391\nQualcomm, Inc. Snapdragon QCA6426\nQualcomm, Inc. Snapdragon QCA6436\nQualcomm, Inc. Snapdragon QCA6574AU\nQualcomm, Inc. Snapdragon QCA6696\nQualcomm, Inc. Snapdragon QCN9074\nQualcomm, Inc. Snapdragon SA6145P\nQualcomm, Inc. Snapdragon SA6150P\nQualcomm, Inc. Snapdragon SA6155P\nQualcomm, Inc. Snapdragon SA8145P\nQualcomm, Inc. Snapdragon SA8150P\nQualcomm, Inc. Snapdragon SA8155P\nQualcomm, Inc. Snapdragon SA8195P\nQualcomm, Inc. Snapdragon SA8295P\nQualcomm, Inc. Snapdragon SD865 5G\nQualcomm, Inc. Snapdragon Snapdragon 8 Gen 1 Mobile Platform\nQualcomm, Inc. Snapdragon Snapdragon 865 5G Mobile Platform\nQualcomm, Inc. Snapdragon Snapdragon 865+ 5G Mobile Platform (SM8250-AB)\nQualcomm, Inc. Snapdragon Snapdragon 870 5G Mobile Platform (SM8250-AC)\nQualcomm, Inc. Snapdragon Snapdragon X55 5G Modem-RF System\nQualcomm, Inc. Snapdragon Snapdragon XR2 5G Platform\nQualcomm, Inc. Snapdragon SW5100\nQualcomm, Inc. Snapdragon SW5100P\nQualcomm, Inc. Snapdragon SXR2130\nQualcomm, Inc. Snapdragon WCD9380\nQualcomm, Inc. Snapdragon WCN3660B\nQualcomm, Inc. Snapdragon WCN3680B\nQualcomm, Inc. Snapdragon WCN3980\nQualcomm, Inc. Snapdragon WCN3988\nQualcomm, Inc. Snapdragon WSA8810\nQualcomm, Inc. Snapdragon WSA8815\nQualcomm, Inc. Snapdragon WSA8830\nQualcomm, Inc. Snapdragon WSA8835",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Snapdragon",
    "version": "FastConnect 6800",
    "vendor": "Qualcomm, Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}