Severity by source
AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Memory corruption while processing fastboot commands with invalid input.
AnalysisAI
Memory corruption in Qualcomm Snapdragon fastboot bootloader handling allows a privileged local attacker with physical access to corrupt memory by issuing malformed fastboot commands, with scope change (CVSS S:C) indicating impact extends beyond the bootloader's security boundary. The flaw was disclosed by Qualcomm in the June 2026 security bulletin and carries a CVSS 3.1 base score of 7.2 (High). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires physical USB (or transport-equivalent) access to the target Snapdragon device while it is in fastboot/bootloader mode, plus the elevated bootloader privileges indicated by CVSS PR:H - meaning the device must either have an unlocked bootloader, valid OEM-signed unlock credentials, or be in an OEM engineering/developer state that grants privileged fastboot commands. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS vector AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H paints a nuanced picture: physical access (AV:P) and high privileges (PR:H) sharply limit who can exploit this, but the scope change (S:C) with full CIA impact reflects that compromising the bootloader breaks the device's root of trust. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with physical custody of a Snapdragon-based device that is in (or can be coerced into) fastboot mode with elevated bootloader privileges - for example, a stolen device with a previously unlocked bootloader, or one held during border inspection - connects via USB and issues a crafted fastboot command containing syntactically invalid input. The bootloader's parser mishandles the malformed input, corrupting memory in a way that bypasses verified boot integrity checks, enabling the attacker to flash modified partitions, extract decryption keys held by the bootloader stage, or implant persistent firmware-level malware that survives factory reset. … |
| Remediation | Apply the patch available per Qualcomm's June 2026 Security Bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html); released patched bootloader/firmware versions are published per-chipset in that bulletin and must be obtained from each device OEM as integrated firmware updates, since end users cannot patch the Qualcomm bootloader directly. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Snapdragon-based devices in your environment. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Snapdragon
View allBuffer overflow in Qualcomm Snapdragon firmware enables authentication bypass on adjacent networks, allowing remote unau
Memory corruption in Qualcomm Snapdragon Strongbox component allows local low-privileged attackers to trigger a buffer o
Local privilege escalation in Qualcomm Snapdragon chipsets stems from an out-of-bounds memory access in the Strongbox tr
Memory corruption in Qualcomm Snapdragon chipsets allows adjacent network attackers to achieve arbitrary code execution
Bootloader integrity bypass in Qualcomm Snapdragon platforms allows a high-privileged local attacker to write to a speci
Local privilege escalation in Qualcomm Snapdragon platforms is possible through memory corruption when processing multip
Local privilege escalation in Qualcomm Snapdragon platforms stems from an out-of-bounds read (CWE-125) triggered during
Local privilege escalation and memory corruption in Qualcomm Snapdragon platforms allows an attacker with low-privileged
Local privilege escalation via memory corruption in Qualcomm Snapdragon platform components allows an authenticated low-
Local memory corruption in Qualcomm Snapdragon platforms (CVE-2025-59604) allows a low-privileged local attacker to trig
Use-after-free vulnerability in Qualcomm Snapdragon chipsets enables local privilege escalation to achieve full device c
Memory corruption in Qualcomm Snapdragon allows local authenticated attackers with low privileges to achieve arbitrary c
Same technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33846
GHSA-44rg-9789-64x6