CVE-2025-27031 – Qualcomm Bluetooth Host Use-After-Free Vulnerability Allowing Memory Corruption

Vulnerability

A use-after-free vulnerability has been identified in the Bluetooth Host component of various chipsets, including those in the Snapdragon 8 Gen 3 Mobile Platform and FastConnect series. This vulnerability arises from memory corruption while processing IOCTL commands, specifically when the buffer in write loopback mode is accessed after being freed. The issue could potentially be exploited locally, leading to unauthorized memory access or manipulation.

Impact

Exploitation of this vulnerability causes memory corruption, which can lead to arbitrary code execution or other unintended behavior by allowing manipulation of memory after it has been freed, creating opportunities for exploitation.

Remediation

Qualcomm has released patches for this vulnerability. Instructions for applying the patch can be found in the Qualcomm June 2025 Security Bulletin.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Affected Products

Qualcomm FastConnect 6700

Moderate fix1 remedy

cpe:2.3:h:qualcomm:fastconnect_6700:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm FastConnect 6900

Moderate fix1 remedy

cpe:2.3:h:qualcomm:fastconnect_6900:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm FastConnect 7800

Moderate fix1 remedy

cpe:2.3:h:qualcomm:fastconnect_7800:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QCM5430

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qcm5430:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QCM6490

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qcm6490:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QCS5430

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qcs5430:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm QCS6490

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qcs6490:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm Video Collaboration VC3

Moderate fix1 remedy

cpe:2.3:h:qualcomm:qualcomm_video_collaboration_vc3:*:*:*:*:*:*:*, +6 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm SC8380XP

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sc8380xp:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm Snapdragon 7c+ Gen 3 Compute

Moderate fix1 remedy

cpe:2.3:h:qualcomm:snapdragon_7c+_gen_3_compute:*:*:*:*:*:*:*, +3 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

Qualcomm Snapdragon 8cx Gen 3 Compute

Moderate fix1 remedy

cpe:2.3:h:qualcomm:sd_8cx_gen3:*:*:*:*:*:*:*, +9 more

Moderate fix1 remedy

>= 12.1X46, < 12.1X46-D81

CVSS Scores

volerion

6.8

CVSS 4.0

6.8

Medium

volerion

5.5

CVSS 3.1

5.5

Medium

Vendor

7.8

CVSS 3.1

7.8

High

Click a row to open the calculator.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

AdvisoryBundleRemedyVendor

Showing 1-1 of 1 references

Qualcomm Bluetooth Host Use-After-Free Vulnerability Allowing Memory Corruption

Vulnerability

Impact

Remediation

Affected Products

Qualcomm FastConnect 6700

Qualcomm FastConnect 6900

Qualcomm FastConnect 7800

Qualcomm QCM5430

Qualcomm QCM6490

Qualcomm QCS5430

Qualcomm QCS6490

Qualcomm Video Collaboration VC3

Qualcomm SC8380XP

Qualcomm Snapdragon 7c+ Gen 3 Compute

Qualcomm Snapdragon 8cx Gen 3 Compute

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating