Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Local trigger via a device-resident process gives AV:L and PR:L; unbounded allocation is low-complexity (AC:L) and yields full memory-corruption impact (C/I/A:H).
Primary rating from Vendor (qualcomm).
CVSS VectorVendor: qualcomm
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.
AnalysisAI
Local privilege escalation via memory corruption affects Qualcomm Snapdragon platforms, where allocating memory with sizes exceeding the maximum allowed value corrupts adjacent memory (CWE-126, buffer over-read/overflow). A local attacker with low privileges (PR:L) and no user interaction can compromise confidentiality, integrity, and availability (all High), scoring CVSS 7.8. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local code execution on the affected Snapdragon device with at least low-level privileges (CVSS PR:L) - for example, an installed app or a compromised unprivileged process - and the ability to reach the vulnerable memory-allocation code path that fails to enforce the maximum allowed allocation size. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, 7.8 High) indicates a locally exploitable, low-complexity flaw requiring only low privileges and no user interaction, with full triad impact - consistent with a local privilege-escalation primitive rather than a remote attack. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A malicious application installed on a Snapdragon-based device runs as a normal low-privilege process and invokes the vulnerable platform interface with a crafted request that specifies an allocation size beyond the maximum allowed value. The resulting memory corruption is used to overwrite privileged data structures, escalating the attacker's control over the device. … |
| Remediation | Apply the Qualcomm-supplied fix as delivered through your device OEM: install the firmware/OS update whose security patch level incorporates the July 2026 Qualcomm bulletin fixes (https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html) - the exact fixed version is device- and chipset-specific and is not enumerated in the provided data, so cite the OEM's patched build rather than a single global version number. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Create an inventory of all Snapdragon devices in use, prioritizing business-critical systems (executive mobile devices, IoT gateways, industrial controllers). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Snapdragon
View allBuffer overflow in Qualcomm Snapdragon firmware enables authentication bypass on adjacent networks, allowing remote unau
Local privilege escalation and memory corruption in Qualcomm Snapdragon WLAN firmware occurs when the driver parses malf
Memory corruption in Qualcomm Snapdragon Strongbox component allows local low-privileged attackers to trigger a buffer o
Local privilege escalation in Qualcomm Snapdragon chipsets stems from an out-of-bounds memory access in the Strongbox tr
Memory corruption in Qualcomm Snapdragon chipsets allows adjacent network attackers to achieve arbitrary code execution
Bootloader integrity bypass in Qualcomm Snapdragon platforms allows a high-privileged local attacker to write to a speci
Use-after-free memory corruption in Qualcomm Snapdragon platform driver code allows a local low-privileged process to tr
Local privilege escalation via memory corruption affects a broad range of Qualcomm Snapdragon chipsets, where a use-afte
Local privilege escalation in Qualcomm Snapdragon platforms is possible through memory corruption when processing multip
Local privilege escalation in Qualcomm Snapdragon platforms stems from an out-of-bounds read (CWE-125) triggered during
Local privilege escalation and memory corruption in Qualcomm Snapdragon platforms allows an attacker with low-privileged
Local privilege escalation via memory corruption in Qualcomm Snapdragon platform components allows an authenticated low-
Same weakness CWE-126 – Buffer Over-read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41929
GHSA-8956-f28w-h25c