Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Memory corruption when processing camera sensor input/output control codes with invalid output buffers.
AnalysisAI
Memory corruption in Qualcomm Snapdragon camera subsystem allows local authenticated users to execute arbitrary code with high privileges through crafted input/output control (ioctl) calls targeting camera sensor interfaces with malformed output buffers. CVSS score of 7.8 reflects local attack vector requiring low-privilege account access. No EPSS data or KEV listing at time of analysis, suggesting exploitation has not been publicly observed. Qualcomm security bulletin scheduled for May 2026 indicates vendor-coordinated disclosure with patches expected in that timeframe.
Technical ContextAI
This vulnerability affects the camera sensor driver interface in Qualcomm Snapdragon systems-on-chip (SoC), specifically within the ioctl handler that processes camera sensor configuration commands. The root cause is CWE-822 (Untrusted Pointer Dereference), where the driver fails to properly validate output buffer pointers provided by userspace applications before writing camera sensor data. When an application issues camera sensor control codes (ioctl commands) with invalid or malicious output buffer addresses, the kernel driver writes data to arbitrary memory locations, causing memory corruption. This class of vulnerability typically occurs in device drivers that expose direct hardware control to userspace through character device interfaces (/dev/videoX or similar). Snapdragon SoCs are widely deployed across Android mobile devices, automotive systems, and IoT platforms where camera functionality is driver-managed at the kernel level.
RemediationAI
Apply firmware and driver updates from the Qualcomm May 2026 Security Bulletin when released at https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html. For Android devices, monitor OEM security updates that incorporate Qualcomm patches - deployment typically occurs 1-3 months after Qualcomm release depending on manufacturer. Until patches are available, implement defense-in-depth controls: restrict installation of untrusted applications through mobile device management (MDM) policies and app allowlisting to limit attacker's ability to gain initial local access required for exploitation. Disable camera permissions for non-essential applications via Android permission controls, reducing attack surface exposure to camera ioctl interfaces. Consider isolating high-value devices on separate network segments with enhanced monitoring for privilege escalation indicators (unexpected kernel module loads, process UID changes). Note that disabling camera hardware is not practical for most use cases and does not prevent ioctl exploitation by malicious apps. SELinux enforcing mode on Android provides limited containment but should not be relied upon as primary mitigation for kernel memory corruption.
More in Snapdragon
View allBuffer overflow in Qualcomm Snapdragon firmware enables authentication bypass on adjacent networks, allowing remote unau
Local privilege escalation and memory corruption in Qualcomm Snapdragon WLAN firmware occurs when the driver parses malf
Memory corruption in Qualcomm Snapdragon Strongbox component allows local low-privileged attackers to trigger a buffer o
Local privilege escalation in Qualcomm Snapdragon chipsets stems from an out-of-bounds memory access in the Strongbox tr
Memory corruption in Qualcomm Snapdragon chipsets allows adjacent network attackers to achieve arbitrary code execution
Bootloader integrity bypass in Qualcomm Snapdragon platforms allows a high-privileged local attacker to write to a speci
Local privilege escalation via memory corruption affects Qualcomm Snapdragon platforms, where allocating memory with siz
Use-after-free memory corruption in Qualcomm Snapdragon platform driver code allows a local low-privileged process to tr
Local privilege escalation via memory corruption affects a broad range of Qualcomm Snapdragon chipsets, where a use-afte
Local privilege escalation in Qualcomm Snapdragon platforms is possible through memory corruption when processing multip
Local privilege escalation in Qualcomm Snapdragon platforms stems from an out-of-bounds read (CWE-125) triggered during
Local privilege escalation and memory corruption in Qualcomm Snapdragon platforms allows an attacker with low-privileged
Same weakness CWE-822 – Untrusted Pointer Dereference
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209630