Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Memory corruption while using Strongbox due to missing bounds check.
AnalysisAI
Local privilege escalation in Qualcomm Snapdragon chipsets stems from an out-of-bounds memory access in the Strongbox trusted execution component, where a missing bounds check enables memory corruption from a low-privileged context. A successful exploit crosses a trust boundary (CVSS scope=Changed) and yields high impact to confidentiality, integrity, and availability on the affected device. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must already be executing code locally on a device built around an affected Qualcomm Snapdragon SoC (CVSS AV:L) with at least low privileges sufficient to call the Strongbox/keystore interface (PR:L) - in practice, an installed unprivileged Android app or a compromised low-privilege native process is enough, and no user interaction is required (UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H produces 8.8 primarily because the Scope is Changed - a low-privileged local caller can impact resources (the Strongbox TEE) beyond its own security authority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A malicious or compromised low-privileged Android application invokes the Strongbox keystore interface with a crafted index or length parameter that bypasses the missing bounds check, corrupting secure-world memory. The attacker leverages the resulting Scope-Changed primitive to disclose or tamper with cryptographic key material, forge attestation, or destabilize the TEE, ultimately escalating from app sandbox to compromise of hardware-backed secrets on the device. … |
| Remediation | Patch available per vendor advisory: apply the Qualcomm June 2026 Security Bulletin fixes at https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html as soon as the relevant OEM/carrier delivers an updated device firmware image containing the corrected Strongbox component; exact released firmware versions are not enumerated in the supplied data and must be taken from the bulletin and OEM advisories. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Snapdragon-based devices in your environment (Android phones, tablets, IoT systems, connected vehicles). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Snapdragon
View allBuffer overflow in Qualcomm Snapdragon firmware enables authentication bypass on adjacent networks, allowing remote unau
Memory corruption in Qualcomm Snapdragon Strongbox component allows local low-privileged attackers to trigger a buffer o
Memory corruption in Qualcomm Snapdragon chipsets allows adjacent network attackers to achieve arbitrary code execution
Bootloader integrity bypass in Qualcomm Snapdragon platforms allows a high-privileged local attacker to write to a speci
Local privilege escalation in Qualcomm Snapdragon platforms is possible through memory corruption when processing multip
Local privilege escalation in Qualcomm Snapdragon platforms stems from an out-of-bounds read (CWE-125) triggered during
Local privilege escalation and memory corruption in Qualcomm Snapdragon platforms allows an attacker with low-privileged
Local privilege escalation via memory corruption in Qualcomm Snapdragon platform components allows an authenticated low-
Local memory corruption in Qualcomm Snapdragon platforms (CVE-2025-59604) allows a low-privileged local attacker to trig
Use-after-free vulnerability in Qualcomm Snapdragon chipsets enables local privilege escalation to achieve full device c
Memory corruption in Qualcomm Snapdragon allows local authenticated attackers with low privileges to achieve arbitrary c
Memory corruption in Qualcomm Snapdragon camera subsystem allows local authenticated users to execute arbitrary code wit
Same weakness CWE-129 – Improper Validation of Array Index
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33826
GHSA-c5pf-h876-qpm9