Qualcomm fixes three Adreno GPU zero-days exploited in attacks www.bleepingcomputer.com/news/secu…

Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks.

The company says two critical flaws (tracked as CVE-2025-21479 and CVE-2025-21480) were reported through the Google Android Security team in late January, and a third high-severity vulnerability (CVE-2025-27038) was reported in March.

The first two are both Graphics framework incorrect authorization weaknesses that can lead to memory corruption because of unauthorized command execution in the GPU micronode while executing a specific sequence of commands, while CVE-2025-27038 is a use-after-free causing memory corruption while rendering graphics using Adreno GPU drivers in Chrome.