Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.
AnalysisAI
Local privilege escalation in Qualcomm Snapdragon components allows authenticated local attackers to corrupt kernel memory through malformed IOCTL requests. Exploitation requires low-privilege local access but no user interaction (CVSS 7.8, AV:L/PR:L). The vulnerability enables attackers to achieve high impact across confidentiality, integrity, and availability through unsafe memcpy operations that fail to validate buffer sizes. No public exploit identified at time of analysis, though the straightforward attack complexity (AC:L) suggests exploitation development is feasible for adversaries with local access.
Technical ContextAI
This vulnerability resides in the IOCTL (Input/Output Control) interface of Qualcomm Snapdragon driver code, which handles system calls between user-space applications and kernel-space drivers. The root cause is CWE-122 (heap-based buffer overflow), occurring when the driver performs memcpy operations without properly validating user-supplied buffer sizes passed through IOCTL requests. When an attacker crafts IOCTL calls with maliciously oversized or undersized buffer parameters, the unchecked memcpy operation writes beyond allocated memory boundaries, corrupting adjacent heap structures. Qualcomm Snapdragon processors are system-on-chip (SoC) platforms widely deployed in mobile devices, automotive systems, and IoT products, making this a hardware-firmware layer vulnerability affecting the core chipset driver stack rather than application-level software.
RemediationAI
Organizations should apply Qualcomm's security patches detailed in the April 2026 Security Bulletin available at https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html, which will contain firmware updates with corrected buffer validation in IOCTL handlers. Device manufacturers (OEMs) must integrate these Qualcomm patches into their own firmware releases before end-user deployment, creating a multi-tier patching dependency that may delay availability. Until patched firmware becomes available and can be deployed, mitigating controls include restricting installation of untrusted applications through mobile device management policies, enforcing principle of least privilege to limit local user account capabilities, and implementing runtime application monitoring to detect anomalous IOCTL call patterns. For enterprise-managed devices, accelerating the firmware update cycle and prioritizing Snapdragon-based systems with access to sensitive data will reduce exposure windows.
More in Snapdragon
View allBuffer overflow in Qualcomm Snapdragon firmware enables authentication bypass on adjacent networks, allowing remote unau
Local privilege escalation and memory corruption in Qualcomm Snapdragon WLAN firmware occurs when the driver parses malf
Memory corruption in Qualcomm Snapdragon Strongbox component allows local low-privileged attackers to trigger a buffer o
Local privilege escalation in Qualcomm Snapdragon chipsets stems from an out-of-bounds memory access in the Strongbox tr
Memory corruption in Qualcomm Snapdragon chipsets allows adjacent network attackers to achieve arbitrary code execution
Bootloader integrity bypass in Qualcomm Snapdragon platforms allows a high-privileged local attacker to write to a speci
Local privilege escalation via memory corruption affects Qualcomm Snapdragon platforms, where allocating memory with siz
Use-after-free memory corruption in Qualcomm Snapdragon platform driver code allows a local low-privileged process to tr
Local privilege escalation via memory corruption affects a broad range of Qualcomm Snapdragon chipsets, where a use-afte
Local privilege escalation in Qualcomm Snapdragon platforms is possible through memory corruption when processing multip
Local privilege escalation in Qualcomm Snapdragon platforms stems from an out-of-bounds read (CWE-125) triggered during
Local privilege escalation and memory corruption in Qualcomm Snapdragon platforms allows an attacker with low-privileged
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19323
GHSA-73jc-v74h-5w6r