Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.
Analysis (AI)
A memory corruption vulnerability in Qualcomm's FastRPC implementation allows local privilege escalation through malformed INIT and multimode invoke IOCTL calls. An attacker with local access and basic user privileges can trigger memory corruption to achieve code execution with elevated privileges, potentially compromising system integrity and confidentiality. The vulnerability carries a CVSS score of 7.8, indicating high severity, though exploitation requires local access and an authenticated session context.
Technical Context (AI)
FastRPC (Fast Remote Procedure Call) is a Qualcomm proprietary inter-process communication (IPC) mechanism used extensively in Snapdragon chipsets for communication between ARM processors and Qualcomm's Hexagon Digital Signal Processors (DSPs). The vulnerability exists in the kernel-space FastRPC driver's IOCTL handler, specifically in processing INIT and multimode invoke commands. The root cause is CWE-367 (Time-of-check Time-of-use Race Condition), indicating a race condition where validation checks on IOCTL parameters occur at different times than when those parameters are actually used, allowing an attacker to modify memory between validation and use. This affects Qualcomm SDM, SM, and MSM chipset families where FastRPC is the primary DSP communication interface. The vulnerability manifests in the kernel FastRPC subsystem (typically located at /dev/adsprpc-smd) which handles both synchronous and asynchronous RPC invocations.
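The check-then-use window that CWE-367 names can be reproduced in userspace; the following is an added illustration, not Qualcomm's driver code or the vendor patch. The request layout, function names and the hook that stands in for a racing thread are all hypothetical, and the "after" handler closes the window by working from one private copy of the length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DST_CAP 64   /* bytes the handler's buffer really holds */
#define SRC_MAX 128  /* bytes of caller-controlled payload */
/* Hypothetical request in memory the caller can still write; not the FastRPC ABI. */
struct shared_req { uint32_t len; uint8_t data[SRC_MAX]; };
typedef void (*race_hook)(struct shared_req *);
static void grow_len(struct shared_req *r) { r->len = SRC_MAX; } /* constructed racer */

/* arena[0..DST_CAP) is the buffer; the tail is a canary so an overrun is visible. */
static void reset(uint8_t *a) {
    memset(a, 0, DST_CAP); memset(a + DST_CAP, 0xA5, SRC_MAX - DST_CAP);
}
static int canary_intact(const uint8_t *a) {
    for (size_t i = DST_CAP; i < SRC_MAX; i++) if (a[i] != 0xA5) return 0;
    return 1;
}

/* Before: len is validated, then fetched again from shared memory at use. */
int handle_double_fetch(struct shared_req *r, race_hook hook, uint8_t *arena) {
    reset(arena);
    if (r->len > DST_CAP) return -1;   /* time of check */
    if (hook) hook(r);                 /* window between check and use */
    memcpy(arena, r->data, r->len);    /* time of use: second fetch */
    return canary_intact(arena);
}

/* After: one fetch into a private copy, so check and use see the same value. */
int handle_snapshot(struct shared_req *r, race_hook hook, uint8_t *arena) {
    uint32_t len = r->len;
    reset(arena);
    if (len > DST_CAP) return -1;
    if (hook) hook(r);
    memcpy(arena, r->data, len);
    return canary_intact(arena);
}

/* Returns 1 = canary intact, 0 = buffer overrun, -1 = request rejected. */
int run_case(int hardened, uint32_t len, int race) {
    struct shared_req r; uint8_t arena[SRC_MAX];
    r.len = len; memset(r.data, 0x41, sizeof r.data);
    return (hardened ? handle_snapshot : handle_double_fetch)(&r, race ? grow_len : NULL, arena);
}

int main(void) {
    printf("double fetch: %d, snapshot: %d\n", run_case(0, 16, 1), run_case(1, 16, 1));
    return 0;
}
```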
Remediation (AI)
Immediate mitigation:
(1) Apply kernel security patches from Qualcomm/OEM vendor (check device security bulletin for January 2025 or later).
(2) On Android, ensure device is running latest security patch level.
(3) Restrict shell access and local account creation on affected devices.
(4) Monitor for suspicious FastRPC IOCTL calls via audit logs if available.

Long-term fix: Patch must serialize IOCTL validation and execution using proper synchronization primitives (mutexes around parameter validation and dereferencing).

Workarounds if patch unavailable: Disable FastRPC subsystem entirely (breaks DSP functionality; not practical), or use LSM/SELinux policies to restrict /dev/adsprpc-smd access to trusted processes only.

Vendor advisory links: Check Qualcomm Security Updates page (security.qualcomm.com) for January 2025+ bulletins, cross-reference with OEM (Samsung, Google, etc.) security updates for specific device models.
EUVD-2025-16704