Qualcomm DSP Service Untrusted Pointer Dereference Vulnerability Allowing Memory Corruption
Vulnerability
A vulnerability has been identified in the Qualcomm DSP Service that allows for memory corruption. The issue arises during an Escape call when an invalid Kernel Mode CPU event and synchronization object handle are provided with the DriverKnownEscape flag disabled. The vulnerability affects various chipsets, including those used in automotive and mobile platforms.
Impact
Exploitation of this vulnerability leads to memory corruption, which could allow arbitrary code execution or cause a denial-of-service condition.
Remediation
Qualcomm has released patches for this vulnerability. Instructions for applying the patch can be found in the Qualcomm March 2025 Security Bulletin.
