Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Lifecycle Timeline
4DescriptionCVE.org
Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.
AnalysisAI
Memory corruption in Qualcomm Snapdragon occurs when dynamically resizing a previously allocated buffer while its contents are being concurrently modified, enabling local authenticated attackers with user-level privileges to achieve high confidentiality and integrity impact with CVSS 6.5. No active exploitation has been confirmed at the time of analysis, and patch availability details require verification against the May 2026 Qualcomm security bulletin.
Technical ContextAI
This vulnerability stems from a classic buffer overflow condition (CWE-120: Buffer Copy without Checking Size of Input) involving race conditions or improper synchronization during dynamic buffer reallocation. The Snapdragon platform, Qualcomm's system-on-chip (SoC) architecture used across Android devices and embedded systems, manages memory allocation and deallocation at firmware and driver levels. When a buffer is resized while another thread or process modifies its contents, the lack of proper locking or atomic operations can corrupt heap metadata or overflow into adjacent memory regions. This is particularly dangerous in privileged code paths handling modem, GPU, or display driver operations where memory safety violations propagate to system stability.
RemediationAI
Apply the security patch released by Qualcomm in the May 2026 Security Bulletin immediately. For affected Android devices, install the latest security update provided by your device manufacturer or carrier, which will include the patched Snapdragon firmware and drivers. Until patching is possible, restrict local application execution privileges through SELinux enforcement policies and disable unnecessary hardware-accelerated features (GPU, modem extensions) if not required for core functionality; note that disabling features may impact device performance and user experience. Implement process isolation and monitor for unexpected memory access patterns using kernel-level sanitizers (KASAN) in development/testing environments to detect exploitation attempts.
More in Snapdragon
View allBuffer overflow in Qualcomm Snapdragon firmware enables authentication bypass on adjacent networks, allowing remote unau
Memory corruption in Qualcomm Snapdragon Strongbox component allows local low-privileged attackers to trigger a buffer o
Local privilege escalation in Qualcomm Snapdragon chipsets stems from an out-of-bounds memory access in the Strongbox tr
Memory corruption in Qualcomm Snapdragon chipsets allows adjacent network attackers to achieve arbitrary code execution
Bootloader integrity bypass in Qualcomm Snapdragon platforms allows a high-privileged local attacker to write to a speci
Local privilege escalation in Qualcomm Snapdragon platforms is possible through memory corruption when processing multip
Local privilege escalation in Qualcomm Snapdragon platforms stems from an out-of-bounds read (CWE-125) triggered during
Local privilege escalation and memory corruption in Qualcomm Snapdragon platforms allows an attacker with low-privileged
Local privilege escalation via memory corruption in Qualcomm Snapdragon platform components allows an authenticated low-
Local memory corruption in Qualcomm Snapdragon platforms (CVE-2025-59604) allows a low-privileged local attacker to trig
Use-after-free vulnerability in Qualcomm Snapdragon chipsets enables local privilege escalation to achieve full device c
Memory corruption in Qualcomm Snapdragon allows local authenticated attackers with low privileges to achieve arbitrary c
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209629