Use After Free in NPU

August 6, 2025 invoker category_cve

CVE Details

Basic Information

Title Use After Free in NPU
Type cve
Published 2025-08-06T07:25:51.371Z
Modified 2025-08-06T07:25:51.371Z

Product Information

Vendor Qualcomm, Inc.
Product Snapdragon
Version FastConnect 6900

CVSS Information

Base Score 7.8 (HIGH)
Attack Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

  • Qualcomm, Inc. Snapdragon FastConnect 6900
  • Qualcomm, Inc. Snapdragon QAM8255P
  • Qualcomm, Inc. Snapdragon QAM8650P
  • Qualcomm, Inc. Snapdragon QAM8775P
  • Qualcomm, Inc. Snapdragon QCA6174A
  • Qualcomm, Inc. Snapdragon QCA6698AQ
  • Qualcomm, Inc. Snapdragon QCA6797AQ
  • Qualcomm, Inc. Snapdragon SA7255P
  • Qualcomm, Inc. Snapdragon SA7775P
  • Qualcomm, Inc. Snapdragon SA8255P
  • Qualcomm, Inc. Snapdragon SA8620P
  • Qualcomm, Inc. Snapdragon SA8650P
  • Qualcomm, Inc. Snapdragon SA8775P
  • Qualcomm, Inc. Snapdragon SA9000P
  • Qualcomm, Inc. Snapdragon Snapdragon 888 5G Mobile Platform
  • Qualcomm, Inc. Snapdragon Snapdragon 888+ 5G Mobile Platform (SM8350-AC)
  • Qualcomm, Inc. Snapdragon SW5100
  • Qualcomm, Inc. Snapdragon SW5100P
  • Qualcomm, Inc. Snapdragon WCD9380
  • Qualcomm, Inc. Snapdragon WCD9385
  • Qualcomm, Inc. Snapdragon WCN3980
  • Qualcomm, Inc. Snapdragon WCN3988
  • Qualcomm, Inc. Snapdragon WSA8830
  • Qualcomm, Inc. Snapdragon WSA8835

Additional Information

CWE List CWE-416
Source qualcomm

Description

Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.