CVE-2025-21437

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions The product name cannot be determined.

Description The issue involves memory corruption that occurs when processing memory map or unmap IOCTL operations simultaneously. This happens due to a race condition where one thread calls hfastrpc mem map without acquiring the internal map mutex lock, and another thread calls hfastrpc mem unmap concurrently, leading to memory being freed while still in use, resulting in a use-after-free (UAF) condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

CVE-2025-21437

Affected Products

Snapdragon

Qam8255P Firmware

Qam8295P Firmware

Qam8620P Firmware

Qam8650P Firmware

Qam8775P Firmware

Qamsrv1H Firmware

Qca6574Au Firmware

Qca6595Au Firmware

Qca6688Aq Firmware

Qca6696 Firmware

Qca6698Aq Firmware

Qca6797Aq Firmware

Sa6155P Firmware

Sa7255P Firmware

Sa7775P Firmware

Sa8155P Firmware

Sa8195P Firmware

Sa8255P Firmware

Sa8295P Firmware

Sa8620P Firmware

Sa8650P Firmware

Sa8770P Firmware

Sa8775P Firmware

Sa9000P Firmware

Srv1H Firmware

CVE-2025-21437

Weakness Enumeration

Related Identifiers

Affected Products

References · 9