Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Local low-privilege app (AV:L/PR:L); AC:H because triggering the use-after-free requires winning a synchronization race; kernel-level corruption yields full C/I/A impact.
Primary rating from Vendor (qualcomm).
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionNVD
Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization.
AnalysisAI
Local privilege escalation via memory corruption affects a broad range of Qualcomm Snapdragon chipsets, where a use-after-free condition in the device driver's input/output control (ioctl) path for mapping and unmapping persistent memory buffers can be triggered by an authenticated local application. Improper synchronization on these operations lets a low-privileged process corrupt kernel memory to gain full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and EPSS is very low (0.09%), consistent with CISA SSVC scoring exploitation as none.
Technical ContextAI
The flaw resides in a Qualcomm kernel-mode driver that exposes ioctl operations for managing persistent memory buffers (map/unmap). CWE-416 (Use After Free) combined with the described 'improper synchronization' indicates a race condition: concurrent ioctl invocations can free a buffer object while another thread still holds and dereferences a stale pointer, allowing controlled reuse of freed kernel memory. Per the CPE (cpe:2.3:a:qualcomm,_inc.:snapdragon), the affected component is Qualcomm's Snapdragon platform software/firmware stack, which spans mobile SoCs, FastConnect Wi-Fi/BT combos, WCD/WSA audio codecs, WCN connectivity chips, and XR/AR platforms - all reachable through the same driver interface on Android and other Snapdragon-based devices. Tags reinforce this as a memory-corruption/use-after-free/buffer-overflow class defect.
RemediationAI
Patch available per vendor advisory: apply the fixes referenced in Qualcomm's July 2026 Security Bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html); no exact fixed firmware version string was included in the provided data, so confirm the specific patched build for each affected part against that bulletin. In practice this reaches end-user devices through the corresponding OEM/Android security update, so apply the vendor firmware or monthly device update that incorporates the Qualcomm fix. Because exploitation requires local code execution, effective compensating controls until patching include restricting installation of untrusted applications and limiting which processes can open the affected Qualcomm device nodes (tighten SELinux/permission policy on the driver's /dev entries so only trusted system components can issue these ioctls); the trade-off is that overly strict device-node policy may break legitimate audio, connectivity, or XR functionality that relies on the same driver, so test before enforcing.
More in Snapdragon
View allBuffer overflow in Qualcomm Snapdragon firmware enables authentication bypass on adjacent networks, allowing remote unau
Local privilege escalation and memory corruption in Qualcomm Snapdragon WLAN firmware occurs when the driver parses malf
Memory corruption in Qualcomm Snapdragon Strongbox component allows local low-privileged attackers to trigger a buffer o
Local privilege escalation in Qualcomm Snapdragon chipsets stems from an out-of-bounds memory access in the Strongbox tr
Memory corruption in Qualcomm Snapdragon chipsets allows adjacent network attackers to achieve arbitrary code execution
Bootloader integrity bypass in Qualcomm Snapdragon platforms allows a high-privileged local attacker to write to a speci
Local privilege escalation via memory corruption affects Qualcomm Snapdragon platforms, where allocating memory with siz
Use-after-free memory corruption in Qualcomm Snapdragon platform driver code allows a local low-privileged process to tr
Local privilege escalation in Qualcomm Snapdragon platforms is possible through memory corruption when processing multip
Local privilege escalation in Qualcomm Snapdragon platforms stems from an out-of-bounds read (CWE-125) triggered during
Local privilege escalation and memory corruption in Qualcomm Snapdragon platforms allows an attacker with low-privileged
Local privilege escalation via memory corruption in Qualcomm Snapdragon platform components allows an authenticated low-
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210436
GHSA-8jv7-234c-5cgq