Primary

Context

Qualcomm Snapdragon Chipsets Memory Corruption Vulnerability in NPU Driver APIs

Vulnerability

A use-after-free vulnerability has been identified in various chipsets of Qualcomm Snapdragon processors. This vulnerability arises from memory corruption issues when the Neural Processing Unit (NPU) driver APIs are called concurrently. The flaw could potentially be exploited, leading to memory corruption and causing instability or unexpected behavior in the system.

Impact

Exploitation of this vulnerability causes memory corruption, which can lead to undefined behavior in the application or system, such as crashes or arbitrary code execution.

Remediation

Qualcomm has released patches for this vulnerability. Instructions for applying the patch can be found in the Qualcomm March 2025 Security Bulletin.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

2.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

2.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Qualcomm Snapdragon Chipsets Memory Corruption Vulnerability in NPU Driver APIs

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating