CVE-2025-59616 (GCVE-0-2025-59616)
Vulnerability from cvelistv5 – Published: 2026-07-06 20:09 – Updated: 2026-07-06 20:53
VLAI
Title
Use After Free in Computer Vision
Summary
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
FastConnect 6700
Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: Molokai Affected: Orne Affected: Pandeiro Affected: QCM5430 Affected: QCM6490 Affected: QMP1000 Affected: QMP2001 Affected: Qualcomm Video Collaboration VC3 Platform Affected: SC8380XP Affected: SD865 5G Affected: SM6850 Affected: SM8845P Affected: Snapdragon 460 Mobile Platform Affected: Snapdragon 662 Mobile Platform Affected: Snapdragon 8 Elite Gen 5 Affected: Snapdragon AR1 Gen 1 Platform Affected: Snapdragon XR2 5G Platform Affected: Snapdragon XR2+ Gen 1 Platform Affected: SXR2230P Affected: SXR2250P Affected: WCD9370 Affected: WCD9375 Affected: WCD9378 Affected: WCD9380 Affected: WCD9385 Affected: WCD9395 Affected: WCN3950 Affected: WCN3988 Affected: WCN6450 Affected: WCN7760 Affected: WCN7860 Affected: WCN7861 Affected: WCN7880 Affected: WCN7881 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H Affected: WSA8850 Affected: WSA8850W Affected: WSA8855C |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T20:53:38.832699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T20:53:46.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon CCW",
"Snapdragon Compute",
"Snapdragon Consumer IOT",
"Snapdragon MC",
"Snapdragon Mobile"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "Molokai"
},
{
"status": "affected",
"version": "Orne"
},
{
"status": "affected",
"version": "Pandeiro"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QMP1000"
},
{
"status": "affected",
"version": "QMP2001"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SM6850"
},
{
"status": "affected",
"version": "SM8845P"
},
{
"status": "affected",
"version": "Snapdragon 460 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 662 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Elite Gen 5"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon XR2 5G Platform"
},
{
"status": "affected",
"version": "Snapdragon XR2+ Gen 1 Platform"
},
{
"status": "affected",
"version": "SXR2230P"
},
{
"status": "affected",
"version": "SXR2250P"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN6450"
},
{
"status": "affected",
"version": "WCN7760"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
},
{
"status": "affected",
"version": "WSA8850"
},
{
"status": "affected",
"version": "WSA8850W"
},
{
"status": "affected",
"version": "WSA8855C"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T20:09:32.700Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html"
}
],
"title": "Use After Free in Computer Vision"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2025-59616",
"datePublished": "2026-07-06T20:09:32.700Z",
"dateReserved": "2025-09-18T03:19:23.202Z",
"dateUpdated": "2026-07-06T20:53:46.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-59616\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2026-07-06T21:16:52.513\",\"lastModified\":\"2026-07-06T21:16:52.513\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.\"}],\"affected\":[{\"source\":\"product-security@qualcomm.com\",\"affectedData\":[{\"vendor\":\"Qualcomm, Inc.\",\"product\":\"Snapdragon\",\"defaultStatus\":\"unaffected\",\"platforms\":[\"Snapdragon CCW\",\"Snapdragon Compute\",\"Snapdragon Consumer IOT\",\"Snapdragon MC\",\"Snapdragon Mobile\"],\"versions\":[{\"version\":\"FastConnect 6700\",\"status\":\"affected\"},{\"version\":\"FastConnect 6900\",\"status\":\"affected\"},{\"version\":\"FastConnect 7800\",\"status\":\"affected\"},{\"version\":\"Molokai\",\"status\":\"affected\"},{\"version\":\"Orne\",\"status\":\"affected\"},{\"version\":\"Pandeiro\",\"status\":\"affected\"},{\"version\":\"QCM5430\",\"status\":\"affected\"},{\"version\":\"QCM6490\",\"status\":\"affected\"},{\"version\":\"QMP1000\",\"status\":\"affected\"},{\"version\":\"QMP2001\",\"status\":\"affected\"},{\"version\":\"Qualcomm Video Collaboration VC3 Platform\",\"status\":\"affected\"},{\"version\":\"SC8380XP\",\"status\":\"affected\"},{\"version\":\"SD865 5G\",\"status\":\"affected\"},{\"version\":\"SM6850\",\"status\":\"affected\"},{\"version\":\"SM8845P\",\"status\":\"affected\"},{\"version\":\"Snapdragon 460 Mobile Platform\",\"status\":\"affected\"},{\"version\":\"Snapdragon 662 Mobile Platform\",\"status\":\"affected\"},{\"version\":\"Snapdragon 8 Elite Gen 5\",\"status\":\"affected\"},{\"version\":\"Snapdragon AR1 Gen 1 Platform\",\"status\":\"affected\"},{\"version\":\"Snapdragon XR2 5G Platform\",\"status\":\"affected\"},{\"version\":\"Snapdragon XR2+ Gen 1 Platform\",\"status\":\"affected\"},{\"version\":\"SXR2230P\",\"status\":\"affected\"},{\"version\":\"SXR2250P\",\"status\":\"affected\"},{\"version\":\"WCD9370\",\"status\":\"affected\"},{\"version\":\"WCD9375\",\"status\":\"affected\"},{\"version\":\"WCD9378\",\"status\":\"affected\"},{\"version\":\"WCD9380\",\"status\":\"affected\"},{\"version\":\"WCD9385\",\"status\":\"affected\"},{\"version\":\"WCD9395\",\"status\":\"affected\"},{\"version\":\"WCN3950\",\"status\":\"affected\"},{\"version\":\"WCN3988\",\"status\":\"affected\"},{\"version\":\"WCN6450\",\"status\":\"affected\"},{\"version\":\"WCN7760\",\"status\":\"affected\"},{\"version\":\"WCN7860\",\"status\":\"affected\"},{\"version\":\"WCN7861\",\"status\":\"affected\"},{\"version\":\"WCN7880\",\"status\":\"affected\"},{\"version\":\"WCN7881\",\"status\":\"affected\"},{\"version\":\"WSA8810\",\"status\":\"affected\"},{\"version\":\"WSA8815\",\"status\":\"affected\"},{\"version\":\"WSA8830\",\"status\":\"affected\"},{\"version\":\"WSA8832\",\"status\":\"affected\"},{\"version\":\"WSA8835\",\"status\":\"affected\"},{\"version\":\"WSA8840\",\"status\":\"affected\"},{\"version\":\"WSA8845\",\"status\":\"affected\"},{\"version\":\"WSA8845H\",\"status\":\"affected\"},{\"version\":\"WSA8850\",\"status\":\"affected\"},{\"version\":\"WSA8850W\",\"status\":\"affected\"},{\"version\":\"WSA8855C\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.8,\"impactScore\":5.3}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-06T20:53:38.832699Z\",\"id\":\"CVE-2025-59616\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"references\":[{\"url\":\"https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html\",\"source\":\"product-security@qualcomm.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-59616\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-06T20:53:38.832699Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-06T20:53:43.276Z\"}}], \"cna\": {\"title\": \"Use After Free in Computer Vision\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Qualcomm, Inc.\", \"product\": \"Snapdragon\", \"versions\": [{\"status\": \"affected\", \"version\": \"FastConnect 6700\"}, {\"status\": \"affected\", \"version\": \"FastConnect 6900\"}, {\"status\": \"affected\", \"version\": \"FastConnect 7800\"}, {\"status\": \"affected\", \"version\": \"Molokai\"}, {\"status\": \"affected\", \"version\": \"Orne\"}, {\"status\": \"affected\", \"version\": \"Pandeiro\"}, {\"status\": \"affected\", \"version\": \"QCM5430\"}, {\"status\": \"affected\", \"version\": \"QCM6490\"}, {\"status\": \"affected\", \"version\": \"QMP1000\"}, {\"status\": \"affected\", \"version\": \"QMP2001\"}, {\"status\": \"affected\", \"version\": \"Qualcomm Video Collaboration VC3 Platform\"}, {\"status\": \"affected\", \"version\": \"SC8380XP\"}, {\"status\": \"affected\", \"version\": \"SD865 5G\"}, {\"status\": \"affected\", \"version\": \"SM6850\"}, {\"status\": \"affected\", \"version\": \"SM8845P\"}, {\"status\": \"affected\", \"version\": \"Snapdragon 460 Mobile Platform\"}, {\"status\": \"affected\", \"version\": \"Snapdragon 662 Mobile Platform\"}, {\"status\": \"affected\", \"version\": \"Snapdragon 8 Elite Gen 5\"}, {\"status\": \"affected\", \"version\": \"Snapdragon AR1 Gen 1 Platform\"}, {\"status\": \"affected\", \"version\": \"Snapdragon XR2 5G Platform\"}, {\"status\": \"affected\", \"version\": \"Snapdragon XR2+ Gen 1 Platform\"}, {\"status\": \"affected\", \"version\": \"SXR2230P\"}, {\"status\": \"affected\", \"version\": \"SXR2250P\"}, {\"status\": \"affected\", \"version\": \"WCD9370\"}, {\"status\": \"affected\", \"version\": \"WCD9375\"}, {\"status\": \"affected\", \"version\": \"WCD9378\"}, {\"status\": \"affected\", \"version\": \"WCD9380\"}, {\"status\": \"affected\", \"version\": \"WCD9385\"}, {\"status\": \"affected\", \"version\": \"WCD9395\"}, {\"status\": \"affected\", \"version\": \"WCN3950\"}, {\"status\": \"affected\", \"version\": \"WCN3988\"}, {\"status\": \"affected\", \"version\": \"WCN6450\"}, {\"status\": \"affected\", \"version\": \"WCN7760\"}, {\"status\": \"affected\", \"version\": \"WCN7860\"}, {\"status\": \"affected\", \"version\": \"WCN7861\"}, {\"status\": \"affected\", \"version\": \"WCN7880\"}, {\"status\": \"affected\", \"version\": \"WCN7881\"}, {\"status\": \"affected\", \"version\": \"WSA8810\"}, {\"status\": \"affected\", \"version\": \"WSA8815\"}, {\"status\": \"affected\", \"version\": \"WSA8830\"}, {\"status\": \"affected\", \"version\": \"WSA8832\"}, {\"status\": \"affected\", \"version\": \"WSA8835\"}, {\"status\": \"affected\", \"version\": \"WSA8840\"}, {\"status\": \"affected\", \"version\": \"WSA8845\"}, {\"status\": \"affected\", \"version\": \"WSA8845H\"}, {\"status\": \"affected\", \"version\": \"WSA8850\"}, {\"status\": \"affected\", \"version\": \"WSA8850W\"}, {\"status\": \"affected\", \"version\": \"WSA8855C\"}], \"platforms\": [\"Snapdragon CCW\", \"Snapdragon Compute\", \"Snapdragon Consumer IOT\", \"Snapdragon MC\", \"Snapdragon Mobile\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"2cfc7d3e-20d3-47ac-8db7-1b7285aff15f\", \"shortName\": \"qualcomm\", \"dateUpdated\": \"2026-07-06T20:09:32.700Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-59616\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-06T20:53:46.541Z\", \"dateReserved\": \"2025-09-18T03:19:23.202Z\", \"assignerOrgId\": \"2cfc7d3e-20d3-47ac-8db7-1b7285aff15f\", \"datePublished\": \"2026-07-06T20:09:32.700Z\", \"assignerShortName\": \"qualcomm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…