We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-21486

Untrusted Pointer Dereference in DSP Service



Description

Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.

Reserved 2024-12-18 | Published 2025-06-03 | Updated 2025-06-04 | Assigner qualcomm


HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-822 Untrusted Pointer Dereference

Product status

Default status
unaffected

FastConnect 6900
affected

FastConnect 7800
affected

QMP1000
affected

SM8735
affected

SM8750
affected

SM8750P
affected

Snapdragon W5+ Gen 1 Wearable Platform
affected

SW5100
affected

SW5100P
affected

SXR2230P
affected

SXR2250P
affected

SXR2330P
affected

WCD9378
affected

WCD9380
affected

WCD9385
affected

WCD9395
affected

WCN3660B
affected

WCN3680B
affected

WCN3980
affected

WCN3988
affected

WCN7750
affected

WCN7860
affected

WCN7861
affected

WCN7880
affected

WCN7881
affected

WSA8830
affected

WSA8832
affected

WSA8835
affected

WSA8840
affected

WSA8845
affected

WSA8845H
affected

References

docs.qualcomm.com/...ecuritybulletin/june-2025-bulletin.html

cve.org (CVE-2025-21486)

nvd.nist.gov (CVE-2025-21486)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-21486

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.