CVE-2025-59616 (GCVE-0-2025-59616)

Vulnerability from cvelistv5 – Published: 2026-07-06 20:09 – Updated: 2026-07-06 20:53
VLAI
Title
Use After Free in Computer Vision
Summary
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: FastConnect 6700
Affected: FastConnect 6900
Affected: FastConnect 7800
Affected: Molokai
Affected: Orne
Affected: Pandeiro
Affected: QCM5430
Affected: QCM6490
Affected: QMP1000
Affected: QMP2001
Affected: Qualcomm Video Collaboration VC3 Platform
Affected: SC8380XP
Affected: SD865 5G
Affected: SM6850
Affected: SM8845P
Affected: Snapdragon 460 Mobile Platform
Affected: Snapdragon 662 Mobile Platform
Affected: Snapdragon 8 Elite Gen 5
Affected: Snapdragon AR1 Gen 1 Platform
Affected: Snapdragon XR2 5G Platform
Affected: Snapdragon XR2+ Gen 1 Platform
Affected: SXR2230P
Affected: SXR2250P
Affected: WCD9370
Affected: WCD9375
Affected: WCD9378
Affected: WCD9380
Affected: WCD9385
Affected: WCD9395
Affected: WCN3950
Affected: WCN3988
Affected: WCN6450
Affected: WCN7760
Affected: WCN7860
Affected: WCN7861
Affected: WCN7880
Affected: WCN7881
Affected: WSA8810
Affected: WSA8815
Affected: WSA8830
Affected: WSA8832
Affected: WSA8835
Affected: WSA8840
Affected: WSA8845
Affected: WSA8845H
Affected: WSA8850
Affected: WSA8850W
Affected: WSA8855C
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59616",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T20:53:38.832699Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-06T20:53:46.541Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon CCW",
            "Snapdragon Compute",
            "Snapdragon Consumer IOT",
            "Snapdragon MC",
            "Snapdragon Mobile"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "FastConnect 6700"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "Molokai"
            },
            {
              "status": "affected",
              "version": "Orne"
            },
            {
              "status": "affected",
              "version": "Pandeiro"
            },
            {
              "status": "affected",
              "version": "QCM5430"
            },
            {
              "status": "affected",
              "version": "QCM6490"
            },
            {
              "status": "affected",
              "version": "QMP1000"
            },
            {
              "status": "affected",
              "version": "QMP2001"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC3 Platform"
            },
            {
              "status": "affected",
              "version": "SC8380XP"
            },
            {
              "status": "affected",
              "version": "SD865 5G"
            },
            {
              "status": "affected",
              "version": "SM6850"
            },
            {
              "status": "affected",
              "version": "SM8845P"
            },
            {
              "status": "affected",
              "version": "Snapdragon 460 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 662 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Elite Gen 5"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR2 5G Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR2+ Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "SXR2230P"
            },
            {
              "status": "affected",
              "version": "SXR2250P"
            },
            {
              "status": "affected",
              "version": "WCD9370"
            },
            {
              "status": "affected",
              "version": "WCD9375"
            },
            {
              "status": "affected",
              "version": "WCD9378"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WCD9395"
            },
            {
              "status": "affected",
              "version": "WCN3950"
            },
            {
              "status": "affected",
              "version": "WCN3988"
            },
            {
              "status": "affected",
              "version": "WCN6450"
            },
            {
              "status": "affected",
              "version": "WCN7760"
            },
            {
              "status": "affected",
              "version": "WCN7860"
            },
            {
              "status": "affected",
              "version": "WCN7861"
            },
            {
              "status": "affected",
              "version": "WCN7880"
            },
            {
              "status": "affected",
              "version": "WCN7881"
            },
            {
              "status": "affected",
              "version": "WSA8810"
            },
            {
              "status": "affected",
              "version": "WSA8815"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8832"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            },
            {
              "status": "affected",
              "version": "WSA8840"
            },
            {
              "status": "affected",
              "version": "WSA8845"
            },
            {
              "status": "affected",
              "version": "WSA8845H"
            },
            {
              "status": "affected",
              "version": "WSA8850"
            },
            {
              "status": "affected",
              "version": "WSA8850W"
            },
            {
              "status": "affected",
              "version": "WSA8855C"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-06T20:09:32.700Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html"
        }
      ],
      "title": "Use After Free in Computer Vision"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2025-59616",
    "datePublished": "2026-07-06T20:09:32.700Z",
    "dateReserved": "2025-09-18T03:19:23.202Z",
    "dateUpdated": "2026-07-06T20:53:46.541Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-59616\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2026-07-06T21:16:52.513\",\"lastModified\":\"2026-07-06T21:16:52.513\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.\"}],\"affected\":[{\"source\":\"product-security@qualcomm.com\",\"affectedData\":[{\"vendor\":\"Qualcomm, Inc.\",\"product\":\"Snapdragon\",\"defaultStatus\":\"unaffected\",\"platforms\":[\"Snapdragon CCW\",\"Snapdragon Compute\",\"Snapdragon Consumer IOT\",\"Snapdragon MC\",\"Snapdragon Mobile\"],\"versions\":[{\"version\":\"FastConnect 6700\",\"status\":\"affected\"},{\"version\":\"FastConnect 6900\",\"status\":\"affected\"},{\"version\":\"FastConnect 7800\",\"status\":\"affected\"},{\"version\":\"Molokai\",\"status\":\"affected\"},{\"version\":\"Orne\",\"status\":\"affected\"},{\"version\":\"Pandeiro\",\"status\":\"affected\"},{\"version\":\"QCM5430\",\"status\":\"affected\"},{\"version\":\"QCM6490\",\"status\":\"affected\"},{\"version\":\"QMP1000\",\"status\":\"affected\"},{\"version\":\"QMP2001\",\"status\":\"affected\"},{\"version\":\"Qualcomm Video Collaboration VC3 Platform\",\"status\":\"affected\"},{\"version\":\"SC8380XP\",\"status\":\"affected\"},{\"version\":\"SD865 5G\",\"status\":\"affected\"},{\"version\":\"SM6850\",\"status\":\"affected\"},{\"version\":\"SM8845P\",\"status\":\"affected\"},{\"version\":\"Snapdragon 460 Mobile Platform\",\"status\":\"affected\"},{\"version\":\"Snapdragon 662 Mobile Platform\",\"status\":\"affected\"},{\"version\":\"Snapdragon 8 Elite Gen 5\",\"status\":\"affected\"},{\"version\":\"Snapdragon AR1 Gen 1 Platform\",\"status\":\"affected\"},{\"version\":\"Snapdragon XR2 5G Platform\",\"status\":\"affected\"},{\"version\":\"Snapdragon XR2+ Gen 1 Platform\",\"status\":\"affected\"},{\"version\":\"SXR2230P\",\"status\":\"affected\"},{\"version\":\"SXR2250P\",\"status\":\"affected\"},{\"version\":\"WCD9370\",\"status\":\"affected\"},{\"version\":\"WCD9375\",\"status\":\"affected\"},{\"version\":\"WCD9378\",\"status\":\"affected\"},{\"version\":\"WCD9380\",\"status\":\"affected\"},{\"version\":\"WCD9385\",\"status\":\"affected\"},{\"version\":\"WCD9395\",\"status\":\"affected\"},{\"version\":\"WCN3950\",\"status\":\"affected\"},{\"version\":\"WCN3988\",\"status\":\"affected\"},{\"version\":\"WCN6450\",\"status\":\"affected\"},{\"version\":\"WCN7760\",\"status\":\"affected\"},{\"version\":\"WCN7860\",\"status\":\"affected\"},{\"version\":\"WCN7861\",\"status\":\"affected\"},{\"version\":\"WCN7880\",\"status\":\"affected\"},{\"version\":\"WCN7881\",\"status\":\"affected\"},{\"version\":\"WSA8810\",\"status\":\"affected\"},{\"version\":\"WSA8815\",\"status\":\"affected\"},{\"version\":\"WSA8830\",\"status\":\"affected\"},{\"version\":\"WSA8832\",\"status\":\"affected\"},{\"version\":\"WSA8835\",\"status\":\"affected\"},{\"version\":\"WSA8840\",\"status\":\"affected\"},{\"version\":\"WSA8845\",\"status\":\"affected\"},{\"version\":\"WSA8845H\",\"status\":\"affected\"},{\"version\":\"WSA8850\",\"status\":\"affected\"},{\"version\":\"WSA8850W\",\"status\":\"affected\"},{\"version\":\"WSA8855C\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.8,\"impactScore\":5.3}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-06T20:53:38.832699Z\",\"id\":\"CVE-2025-59616\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"references\":[{\"url\":\"https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html\",\"source\":\"product-security@qualcomm.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-59616\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-06T20:53:38.832699Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-06T20:53:43.276Z\"}}], \"cna\": {\"title\": \"Use After Free in Computer Vision\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Qualcomm, Inc.\", \"product\": \"Snapdragon\", \"versions\": [{\"status\": \"affected\", \"version\": \"FastConnect 6700\"}, {\"status\": \"affected\", \"version\": \"FastConnect 6900\"}, {\"status\": \"affected\", \"version\": \"FastConnect 7800\"}, {\"status\": \"affected\", \"version\": \"Molokai\"}, {\"status\": \"affected\", \"version\": \"Orne\"}, {\"status\": \"affected\", \"version\": \"Pandeiro\"}, {\"status\": \"affected\", \"version\": \"QCM5430\"}, {\"status\": \"affected\", \"version\": \"QCM6490\"}, {\"status\": \"affected\", \"version\": \"QMP1000\"}, {\"status\": \"affected\", \"version\": \"QMP2001\"}, {\"status\": \"affected\", \"version\": \"Qualcomm Video Collaboration VC3 Platform\"}, {\"status\": \"affected\", \"version\": \"SC8380XP\"}, {\"status\": \"affected\", \"version\": \"SD865 5G\"}, {\"status\": \"affected\", \"version\": \"SM6850\"}, {\"status\": \"affected\", \"version\": \"SM8845P\"}, {\"status\": \"affected\", \"version\": \"Snapdragon 460 Mobile Platform\"}, {\"status\": \"affected\", \"version\": \"Snapdragon 662 Mobile Platform\"}, {\"status\": \"affected\", \"version\": \"Snapdragon 8 Elite Gen 5\"}, {\"status\": \"affected\", \"version\": \"Snapdragon AR1 Gen 1 Platform\"}, {\"status\": \"affected\", \"version\": \"Snapdragon XR2 5G Platform\"}, {\"status\": \"affected\", \"version\": \"Snapdragon XR2+ Gen 1 Platform\"}, {\"status\": \"affected\", \"version\": \"SXR2230P\"}, {\"status\": \"affected\", \"version\": \"SXR2250P\"}, {\"status\": \"affected\", \"version\": \"WCD9370\"}, {\"status\": \"affected\", \"version\": \"WCD9375\"}, {\"status\": \"affected\", \"version\": \"WCD9378\"}, {\"status\": \"affected\", \"version\": \"WCD9380\"}, {\"status\": \"affected\", \"version\": \"WCD9385\"}, {\"status\": \"affected\", \"version\": \"WCD9395\"}, {\"status\": \"affected\", \"version\": \"WCN3950\"}, {\"status\": \"affected\", \"version\": \"WCN3988\"}, {\"status\": \"affected\", \"version\": \"WCN6450\"}, {\"status\": \"affected\", \"version\": \"WCN7760\"}, {\"status\": \"affected\", \"version\": \"WCN7860\"}, {\"status\": \"affected\", \"version\": \"WCN7861\"}, {\"status\": \"affected\", \"version\": \"WCN7880\"}, {\"status\": \"affected\", \"version\": \"WCN7881\"}, {\"status\": \"affected\", \"version\": \"WSA8810\"}, {\"status\": \"affected\", \"version\": \"WSA8815\"}, {\"status\": \"affected\", \"version\": \"WSA8830\"}, {\"status\": \"affected\", \"version\": \"WSA8832\"}, {\"status\": \"affected\", \"version\": \"WSA8835\"}, {\"status\": \"affected\", \"version\": \"WSA8840\"}, {\"status\": \"affected\", \"version\": \"WSA8845\"}, {\"status\": \"affected\", \"version\": \"WSA8845H\"}, {\"status\": \"affected\", \"version\": \"WSA8850\"}, {\"status\": \"affected\", \"version\": \"WSA8850W\"}, {\"status\": \"affected\", \"version\": \"WSA8855C\"}], \"platforms\": [\"Snapdragon CCW\", \"Snapdragon Compute\", \"Snapdragon Consumer IOT\", \"Snapdragon MC\", \"Snapdragon Mobile\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"2cfc7d3e-20d3-47ac-8db7-1b7285aff15f\", \"shortName\": \"qualcomm\", \"dateUpdated\": \"2026-07-06T20:09:32.700Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-59616\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-06T20:53:46.541Z\", \"dateReserved\": \"2025-09-18T03:19:23.202Z\", \"assignerOrgId\": \"2cfc7d3e-20d3-47ac-8db7-1b7285aff15f\", \"datePublished\": \"2026-07-06T20:09:32.700Z\", \"assignerShortName\": \"qualcomm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…