Patches

Critical 0-Day Vulnerabilities in Qualcomm Adreno GPU Drivers Actively Exploited  

Summary 

OEM: Qualcomm
Severity: HIGH
CVSS Score: 8.6
CVEs: CVE-2025-21479, CVE-2025-21480, CVE-2025-27038
Actively Exploited: Yes
Exploited in Wild: Yes
Advisory Version: 1.0

Overview 

Three actively exploited zero-day vulnerabilities in Qualcomm’s Adreno GPU drivers (CVE-2025-21479, CVE-2025-21480, CVE-2025-27038) have been disclosed and patched.

These flaws impact billions of Android devices across vendors such as Samsung, Google, Xiaomi, and OnePlus. Qualcomm released patches to OEMs in May 2025, urging immediate integration to mitigate severe memory corruption and code execution threats. 

| Vulnerability Name | CVE ID | Product Affected | CVSS Score | Severity |
|---|---|---|---|---|
| Incorrect Authorization Vulnerability | CVE-2025-21479 | Qualcomm Adreno GPU Driver | 8.6 | High |
| Incorrect Authorization Vulnerability | CVE-2025-21480 | Qualcomm Adreno GPU Driver | 8.6 | High |
| Use-After-Free Vulnerability | CVE-2025-27038 | Qualcomm Adreno GPU Driver | 7.5 | High |

Technical Summary 

These vulnerabilities reside within Qualcomm’s Adreno GPU driver, specifically in the Graphics component. The flaws allow attackers to corrupt memory, escalate privileges or execute arbitrary code. Two issues (CVE-2025-21479, CVE-2025-21480) result from incorrect authorization mechanisms in GPU microcode and the third (CVE-2025-27038) is a use-after-free flaw that can be exploited via malicious content rendered through Chrome. 

| CVE ID | System Affected | Vulnerability Details | Impact |
|---|---|---|---|
| CVE-2025-21479 | Android (Adreno GPU) | Unauthorized command execution during specific GPU microcode sequences causes memory corruption. | Privilege escalation, system compromise. |
| CVE-2025-21480 | Android (Adreno GPU) | Similar unauthorized GPU command flaw allowing memory corruption via improper authorization checks. | Memory corruption, remote code execution. |
| CVE-2025-27038 | Android (Chrome/Adreno) | Use-after-free condition in graphics rendering pipeline (via Chrome) allows attacker control over freed memory space. | Arbitrary code execution. |

Recommendations

  • Apply OEM Patches Immediately: Qualcomm released fixes in May 2025 to all OEMs; users should install the latest firmware updates from their device manufacturers. 
  • Check for Updates: Go to Settings → System → Software Update and apply the latest security patches as soon as available. 
  • Apply Security Updates: Users should ensure their Android devices receive the latest security updates. 
  • Monitor Manufacturer Communications: Stay informed about patch availability specific to your device model via official OEM channels. 

Conclusion: 
These zero-day vulnerabilities in Qualcomm’s Adreno GPU drivers highlight ongoing security risks in mobile hardware components.

Exploited in limited, targeted attacks, potentially by spyware vendors or state-sponsored actors, these flaws pose significant threats to Android devices worldwide.

In response to confirmed exploitation, CISA has added all three CVEs (CVE-2025-21479, CVE-2025-21480, CVE-2025-27038) to its Known Exploited Vulnerabilities (KEV) catalog, mandating swift action for federal systems.

Timely patching by OEMs and proactive updates by users are critical to mitigating these risks and preventing further exploitation. 


GitLab Releases Patch to Fix Critical and High-Severity Vulnerabilities 

GitLab releases fixes for vulnerabilities in patch releases. There are two types of patch releases: scheduled releases, and ad-hoc critical patches for high-severity vulnerabilities.

Summary 

OEM: GitLab
Severity: High
CVEs: CVE-2024-5655, CVE-2024-6385, CVE-2024-6678, CVE-2024-8970, CVE-2025-0194, CVE-2024-6324, CVE-2024-12431, CVE-2024-13041
Exploited in Wild: No
Patch/Remediation Available: Yes
Advisory Version: 1.0

Overview 

The vulnerabilities could potentially lead to unauthorized access, data manipulation, and service disruption. They were disclosed through GitLab’s HackerOne bug bounty program. Versions 17.7.1, 17.6.3, and 17.5.5 are now available for immediate download and upgrade to address these issues.

| Vulnerability Name | CVE ID | Product Affected | Severity |
|---|---|---|---|
| Import Functionality Vulnerabilities | CVE-2024-6385 | GitLab CE/EE | Critical |
| Import Functionality Vulnerabilities | CVE-2024-5655 | GitLab CE/EE | High |
| Import Functionality Vulnerabilities | CVE-2024-6678 | GitLab CE/EE | High |
| Import Functionality Vulnerabilities | CVE-2024-8970 | GitLab CE/EE | High |
| Access Token Exposure in Logs | CVE-2025-0194 | GitLab CE/EE | Medium |
| Cyclic Reference of Epics Leading to DoS | CVE-2024-6324 | GitLab CE/EE | Medium |
| Unauthorized Manipulation of Issue Status | CVE-2024-12431 | GitLab CE/EE | Medium |
| Instance SAML Bypass | CVE-2024-13041 | GitLab CE/EE | Medium |

Technical Summary 

This update addresses several significant vulnerabilities identified in GitLab CE/EE: 

| CVE ID | System Affected | Vulnerability Details | Impact |
|---|---|---|---|
| CVE-2024-6385, CVE-2024-5655, CVE-2024-6678, CVE-2024-8970 | GitLab CE/EE | Vulnerability in import functionality allowing potential exploitation | Allows attackers to exploit the system. |
| CVE-2025-0194 | GitLab CE/EE | Possible exposure of access tokens in logs under certain conditions. | Potential unauthorized access to sensitive resources. |
| CVE-2024-6324 | GitLab CE/EE | Cyclic references between epics could lead to resource exhaustion, causing a Denial of Service (DoS). | Service disruption due to resource exhaustion. |
| CVE-2024-12431 | GitLab CE/EE | Unauthorized users could manipulate issue statuses in public projects, potentially disrupting workflows. | Workflow disruption and compromised data integrity. |
| CVE-2024-13041 | GitLab CE/EE | Flaw in instance SAML configuration allowing bypass of external provider settings. | Unauthorized access to internal projects or groups. |

Key Changes to Import Functionality: 

  • Post-import mapping: This new feature allows administrators to assign imported contributions and memberships to users after the import process is complete, enhancing control and security. 
  • Email-independent mapping: The updated mapping process no longer relies on email addresses, providing greater flexibility and security when importing from instances with different email domains. 
  • User control: Users on the destination instance now have the power to accept or reject assigned contributions, adding another layer of security and preventing unauthorized access. 

Remediation

  • Upgrade GitLab Instances: All users are strongly advised to upgrade to versions 17.7.1, 17.6.3, or 17.5.5 immediately to mitigate these vulnerabilities. 
  • Disable Importers Temporarily: Until upgrades are complete, disable importers to avoid exploitation. If import functionality is essential, enable it only during the import process and disable it afterward. 
  • Adopt Updated Features: Leverage the new post-import mapping, email-independent mapping, and user control enhancements for increased security.  
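To triage a fleet against the upgrade targets above, the following added example (not GitLab's code and not part of the original advisory) classifies reported version strings against the patch releases 17.7.1, 17.6.3 and 17.5.5. The hostnames and version strings in the inventory are constructed, and the treatment of release lines newer than 17.7 as already fixed is an assumption the advisory does not state.

```python
import re

# Patch releases named in the advisory, keyed by (major, minor) release line.
FIXED = {(17, 5): 5, (17, 6): 3, (17, 7): 1}

def parse_version(text):
    """Parse 'X.Y.Z' with an optional package suffix such as '-ee' or '-ce.0'."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[-+.].*)?\s*$", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(g) for g in m.groups())

def assess(version_text):
    """Return a triage verdict for one reported GitLab version string."""
    major, minor, patch = parse_version(version_text)
    line = (major, minor)
    if line in FIXED:
        if patch >= FIXED[line]:
            return "patched"
        return f"upgrade to {major}.{minor}.{FIXED[line]}"
    if line < min(FIXED):
        # The advisory names no fixed release for older lines.
        return "upgrade to a listed release (no fix named for this line)"
    # Assumption: release lines after 17.7 already carry the fixes.
    return "newer line (assumed to include the fixes)"

def triage(inventory):
    """Map host -> verdict for every host that is not on a patched release."""
    report = {}
    for host, version in inventory.items():
        try:
            verdict = assess(version)
        except ValueError:
            verdict = "unparseable version, check manually"
        if verdict != "patched":
            report[host] = verdict
    return report

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and versions).
    sample = {
        "gitlab-a.example": "17.7.1-ee",
        "gitlab-b.example": "17.6.2-ee",
        "gitlab-c.example": "16.11.10",
        "gitlab-d.example": "unknown",
    }
    for host, verdict in sorted(triage(sample).items()):
        print(f"{host}: {verdict}")
```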

Conclusion: 

The vulnerabilities addressed in this patch release highlight the importance of timely updates and proactive security measures. GitLab’s redesign of its import functionality and the prompt patch release demonstrate a commitment to user security. Upgrading to the latest patched versions and adhering to the recommended actions is critical to maintaining a secure environment.  
