Critical Secure Boot Vulnerability in Qualcomm Chipsets
Qualcomm has issued a security alert regarding multiple newly discovered vulnerabilities in its chipset ecosystem, with particular emphasis on a critical flaw affecting the secure boot process. The most severe vulnerability, identified as CVE-2025-47372 and rated as critical with a CVSS score of 9.0, involves a buffer overflow during the boot sequence that could allow attackers to bypass verification routines, install persistent malicious firmware, or gain control of a device before the operating system loads. This flaw, classified under CWE-120 (Classic Buffer Overflow), impacts a wide range of Snapdragon and QAM devices, and Qualcomm has urged device manufacturers to integrate the necessary fixes into both current and future products.
The vulnerability was discovered with the assistance of external researchers and has been highlighted in Qualcomm's December 2025 security bulletin. Security authorities, including the Canadian Centre for Cyber Security, have echoed Qualcomm's advisory, strongly recommending that users and administrators review the bulletin and apply all relevant updates to mitigate the risk. The flaw's presence at such a fundamental stage of device operation underscores the urgency for prompt remediation across affected hardware.
Sources
Related Stories
Hardware-Level Android Chip Vulnerabilities Enable Device Compromise
Security researchers and vendors reported **hardware/firmware-level vulnerabilities in Android chip components** that can enable deep device compromise beyond typical app-layer defenses. Ledger’s Donjon research described a flaw involving **MediaTek chip boot-chain behavior and Trustonic’s trusted execution environment (TEE)** that allowed rapid physical compromise: by connecting an affected phone to a laptop over **USB**, attackers could allegedly brute-force the PIN, decrypt storage, and extract sensitive data including messages and **cryptocurrency wallet seed phrases** (e.g., Kraken Wallet, Phantom). The researchers estimated the affected MediaTek chips appear in roughly **one-quarter of Android phones**, disproportionately in lower-cost devices. Separately, Zimperium reported active exploitation of a **Qualcomm graphics zero-day** (**CVE-2026-21385**) in targeted Android attacks, describing a memory-corruption condition that could enable code execution or unauthorized access across “hundreds” of Qualcomm chipsets. A ZDNET article on Android’s *Repair Mode* primarily provides user guidance and anecdotal troubleshooting around a buggy March update/SIM recognition issue; it does not substantively address the chip-level vulnerabilities described in the other reporting and is best treated as tangential consumer advice rather than incident or vulnerability intelligence.
5 days ago
Google March Android Security Bulletin Patches 129 Flaws Including Actively Exploited Qualcomm Display Zero-Day
Google released the March 2026 *Android Security Bulletin*, issuing fixes for **129 vulnerabilities** across the Android ecosystem and shipping two patch levels (`2026-03-01` and `2026-03-05`) to help OEMs stage platform and hardware-specific updates. The most urgent issue is **CVE-2026-21385**, a **high-severity, actively exploited** zero-day in an open-source **Qualcomm display** component used in Android devices with affected Qualcomm/Snapdragon chipsets. Reporting indicates CVE-2026-21385 is a **memory-corruption** flaw caused by an **integer overflow/wraparound** condition that can lead to memory corruption during allocation/alignment in display drivers; successful exploitation could enable device compromise (e.g., arbitrary code execution and/or privilege escalation) and bypass security boundaries. Google and Qualcomm both acknowledged **limited, targeted exploitation in the wild**, and one account attributes discovery/confirmation of exploitation to Google’s **Threat Analysis Group (TAG)**; devices not updated to at least patch level `2026-03-05` remain exposed, making rapid patch deployment and user update compliance the primary risk-reduction actions.
1 weeks agoMultiple Critical Vulnerabilities Disclosed Across Major Software and Hardware Platforms
Several critical vulnerabilities have been disclosed affecting a range of widely used software frameworks and hardware platforms. Notable issues include a critical flaw in the Apache bRPC framework (CVE-2025-59789) that exposes high-performance systems to crash risks, a high-severity unauthenticated XXE vulnerability in GeoServer (CVE-2025-58360) enabling file theft and SSRF, and a critical SQL injection vulnerability in Devolutions Server (CVE-2025-13757) that allows authenticated attackers to steal all stored passwords. Additional disclosures include a proof-of-concept exploit for a Windows Administrator Protection elevation of privilege vulnerability (CVE-2025-60718), a critical boot process compromise in Snapdragon 8 Gen 3 and 5G modems (CVE-2025-47372), and a flaw in Apache Kvrocks that allows privilege escalation via the 'RESET' command. A separate high-severity vulnerability (CVE-2025-61618) was identified in Unisoc T8100/T9100/T8200/T8300 chipsets, affecting Android devices and allowing remote denial of service through improper input validation in the NR modem. These vulnerabilities collectively highlight the ongoing risk posed by both software and hardware flaws, with several enabling remote code execution, privilege escalation, or denial of service. Organizations using affected products should prioritize patching and mitigation efforts to reduce exposure to these critical threats.
3 months ago