CVE-2025-21424: Use After Free in NPU

High (7.8)

Sign up for FREE to recieve instant alerts about this vulnerability!

Description

Memory corruption while calling the NPU driver APIs concurrently.

Classification

CVE ID: CVE-2025-21424

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-416 Use After Free

Affected Products

Vendor: Qualcomm, Inc.

Product: Snapdragon

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 0.1198 (how common is this exploit)

EPSS Date: 2025-03-14 (when was this score calculated)

Timeline