{"id":10009,"date":"2025-08-06T20:21:34","date_gmt":"2025-08-06T20:21:34","guid":{"rendered":"http:\/\/localhost\/?p=10009"},"modified":"2025-08-06T20:21:34","modified_gmt":"2025-08-06T20:21:34","slug":"use-after-free-in-npu","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=10009","title":{"rendered":"Use After Free in NPU_CVE-2025-21458"},"content":{"rendered":"

{“lastseen”:””,”description”:”Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.”,”published”:”2025-08-06T07:25:51.371Z”,”modified”:”2025-08-06T14:37:14.645Z”,”type”:”cve”,”title”:”Use After Free in NPU”,”source”:”qualcomm”,”references”:”https:\/\/docs.qualcomm.com\/product\/publicresources\/securitybulletin\/august-2025-bulletin.html”,”id”:”CVE-2025-21458″,”bulletinFamily”:””,”cwe”:[“CWE-416″],”cvelist”:null,”sourceData”:”Qualcomm, Inc. Snapdragon FastConnect 6900\\nQualcomm, Inc. Snapdragon QAM8255P\\nQualcomm, Inc. Snapdragon QAM8650P\\nQualcomm, Inc. Snapdragon QAM8775P\\nQualcomm, Inc. Snapdragon QCA6174A\\nQualcomm, Inc. Snapdragon QCA6698AQ\\nQualcomm, Inc. Snapdragon QCA6797AQ\\nQualcomm, Inc. Snapdragon SA7255P\\nQualcomm, Inc. Snapdragon SA7775P\\nQualcomm, Inc. Snapdragon SA8255P\\nQualcomm, Inc. Snapdragon SA8620P\\nQualcomm, Inc. Snapdragon SA8650P\\nQualcomm, Inc. Snapdragon SA8775P\\nQualcomm, Inc. Snapdragon SA9000P\\nQualcomm, Inc. Snapdragon Snapdragon 888 5G Mobile Platform\\nQualcomm, Inc. Snapdragon Snapdragon 888+ 5G Mobile Platform (SM8350-AC)\\nQualcomm, Inc. Snapdragon SW5100\\nQualcomm, Inc. Snapdragon SW5100P\\nQualcomm, Inc. Snapdragon WCD9380\\nQualcomm, Inc. Snapdragon WCD9385\\nQualcomm, Inc. Snapdragon WCN3980\\nQualcomm, Inc. Snapdragon WCN3988\\nQualcomm, Inc. Snapdragon WSA8830\\nQualcomm, Inc. Snapdragon WSA8835″,”sourceHref”:””,”cvss”:{“score”:7.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Snapdragon”,”version”:”FastConnect 6900″,”vendor”:”Qualcomm, Inc.”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.”,”published”:”2025-08-06T07:25:51.371Z”,”modified”:”2025-08-06T14:37:14.645Z”,”type”:”cve”,”title”:”Use After Free in NPU”,”source”:”qualcomm”,”references”:”https:\/\/docs.qualcomm.com\/product\/publicresources\/securitybulletin\/august-2025-bulletin.html”,”id”:”CVE-2025-21458″,”bulletinFamily”:””,”cwe”:[“CWE-416″],”cvelist”:null,”sourceData”:”Qualcomm, Inc. Snapdragon FastConnect 6900\\nQualcomm, Inc. Snapdragon QAM8255P\\nQualcomm, Inc….<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,28,12,15,13,7,11,5],"class_list":["post-10009","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-78","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nUse After Free in NPU_CVE-2025-21458 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=10009\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Use After Free in NPU_CVE-2025-21458 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.”,”published”:”2025-08-06T07:25:51.371Z”,”modified”:”2025-08-06T14:37:14.645Z”,”type”:”cve”,”title”:”Use After Free in NPU”,”source”:”qualcomm”,”references”:”https:\/\/docs.qualcomm.com\/product\/publicresources\/securitybulletin\/august-2025-bulletin.html”,”id”:”CVE-2025-21458″,”bulletinFamily”:””,”cwe”:[“CWE-416″],”cvelist”:null,”sourceData”:”Qualcomm, Inc. Snapdragon FastConnect 6900nQualcomm, Inc. Snapdragon QAM8255PnQualcomm, Inc....\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=10009\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-06T20:21:34+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10009#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10009\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Use After Free in NPU_CVE-2025-21458\",\"datePublished\":\"2025-08-06T20:21:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10009\"},\"wordCount\":256,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.8\",\"exploit\",\"HIGH\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=10009#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10009\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10009\",\"name\":\"Use After Free in NPU_CVE-2025-21458 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-08-06T20:21:34+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10009#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=10009\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10009#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Use After Free in NPU_CVE-2025-21458\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Use After Free in NPU_CVE-2025-21458 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=10009","og_locale":"en_US","og_type":"article","og_title":"Use After Free in NPU_CVE-2025-21458 - zero redgem","og_description":"{“lastseen”:””,”description”:”Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.”,”published”:”2025-08-06T07:25:51.371Z”,”modified”:”2025-08-06T14:37:14.645Z”,”type”:”cve”,”title”:”Use After Free in NPU”,”source”:”qualcomm”,”references”:”https:\/\/docs.qualcomm.com\/product\/publicresources\/securitybulletin\/august-2025-bulletin.html”,”id”:”CVE-2025-21458″,”bulletinFamily”:””,”cwe”:[“CWE-416″],”cvelist”:null,”sourceData”:”Qualcomm, Inc. Snapdragon FastConnect 6900nQualcomm, Inc. Snapdragon QAM8255PnQualcomm, Inc....","og_url":"https:\/\/zero.redgem.net\/?p=10009","og_site_name":"zero redgem","article_published_time":"2025-08-06T20:21:34+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=10009#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=10009"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Use After Free in NPU_CVE-2025-21458","datePublished":"2025-08-06T20:21:34+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=10009"},"wordCount":256,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.8","exploit","HIGH","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=10009#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=10009","url":"https:\/\/zero.redgem.net\/?p=10009","name":"Use After Free in NPU_CVE-2025-21458 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-08-06T20:21:34+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=10009#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=10009"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=10009#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Use After Free in NPU_CVE-2025-21458"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/10009","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10009"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/10009\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10009"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10009"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10009"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}