CVE-2025-21438 Vulnerability Analysis & Exploit Details

CVE-2025-21438 Vulnerability Summary

CVE-2025-21438: Memory corruption while IOCTL call is invoked from user-space to read board data.

CVE-2025-21438 References

External References

• https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html

CWE Common Weakness Enumeration

CAPEC Common Attack Pattern Enumeration and Classification

• Overread Buffers CAPEC-540 An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Vulnerable Configurations

• cpe:2.3:o:qualcomm:fastconnect_6200_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:fastconnect_6200_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:fastconnect_6200:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:fastconnect_6200:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:qca6164_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:qca6164_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:qca6164:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:qca6164:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:qca6174_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:qca6174_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:qca6174:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:qca6174:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:qca9377:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:qca9377:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:qcm5430:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:qcm5430:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:qcm6490:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:qcm6490:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:qcn7606_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:qcn7606_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:qcn7606:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:qcn7606:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:qcs5430_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:qcs5430_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:qcs5430:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:qcs5430:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:qcs6490:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:qcs6490:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:video_collaboration_vc3_platform:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:video_collaboration_vc3_platform:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:sc8180x\+sdx55_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:sc8180x\+sdx55_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:sc8180x\+sdx55:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:sc8180x\+sdx55:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:sm6250:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:sm6250:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:snapdragon_7c_compute_platform_\(sc7180-ac\)_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:snapdragon_7c_compute_platform_\(sc7180-ac\)_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:snapdragon_7c_compute_platform_\(sc7180-ac\):-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:snapdragon_7c_compute_platform_\(sc7180-ac\):-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:snapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:snapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:snapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\":-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:snapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\":-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:snapdragon_7c\+_gen_3_compute_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:snapdragon_7c\+_gen_3_compute_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:snapdragon_7c\+_gen_3_compute:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:snapdragon_7c\+_gen_3_compute:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:snapdragon_8c_compute_platform_\(sc8180x-ad\)_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:snapdragon_8c_compute_platform_\(sc8180x-ad\)_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:snapdragon_8c_compute_platform_\(sc8180x-ad\):-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:snapdragon_8c_compute_platform_\(sc8180x-ad\):-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:snapdragon_8c_compute_platform_\(sc8180xp-ad\)_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:snapdragon_8c_compute_platform_\(sc8180xp-ad\)_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:snapdragon_8c_compute_platform_\(sc8180xp-ad\):-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:snapdragon_8c_compute_platform_\(sc8180xp-ad\):-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:snapdragon_8cx_compute_platform_\(sc8180x-aa\)_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:snapdragon_8cx_compute_platform_\(sc8180x-aa\)_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:snapdragon_8cx_compute_platform_\(sc8180x-aa\):-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:snapdragon_8cx_compute_platform_\(sc8180x-aa\):-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:snapdragon_8cx_compute_platform_\(sc8180x-ab\)_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:snapdragon_8cx_compute_platform_\(sc8180x-ab\)_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:snapdragon_8cx_compute_platform_\(sc8180x-ab\):-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:snapdragon_8cx_compute_platform_\(sc8180x-ab\):-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:snapdragon_8cx_compute_platform_\(sc8180xp-ac\)_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:snapdragon_8cx_compute_platform_\(sc8180xp-ac\)_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:snapdragon_8cx_compute_platform_\(sc8180xp-ac\):-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:snapdragon_8cx_compute_platform_\(sc8180xp-ac\):-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:snapdragon_8cx_compute_platform_\(sc8180xp-af\)_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:snapdragon_8cx_compute_platform_\(sc8180xp-af\)_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:snapdragon_8cx_compute_platform_\(sc8180xp-af\):-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:snapdragon_8cx_compute_platform_\(sc8180xp-af\):-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\):-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\):-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\):-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\):-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\)_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\)_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\):-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\):-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\)_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\)_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\):-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\):-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\):-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\):-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\):-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\):-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*
• cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*
  cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*

Other 5 Recently Published CVEs Vulnerabilities

• CVE-2025-62672 – rplay through 3.3.2 allows attackers to cause a denial of service (SIGSEGV and daemon crash) or possibly have unspecified other impact. This occurs...
• CVE-2025-47410 – Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tric...
• CVE-2025-11926 – The Related Posts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1...
• CVE-2025-9890 – The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing...
• CVE-2025-5555 – A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to 1.0.0.1. This affects the function sub_11100 in the library wnport.sys of the...