Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Description (CVE.org)
Information Disclosure while processing IOCTL handler callbacks without verifying buffer size.
Analysis (AI)
Information disclosure in Qualcomm Snapdragon firmware allows local authenticated attackers to read sensitive kernel memory via malformed IOCTL handler callbacks that bypass buffer size validation. The vulnerability affects multiple Snapdragon chipset versions and requires local access with limited privileges; exploitation results in confidentiality breach without direct system compromise. No active exploitation has been confirmed at the time of analysis.
Technical Context (AI)
The vulnerability exists in Snapdragon IOCTL (Input/Output Control) handler implementations that process driver callbacks without validating buffer boundaries before reading or copying data. IOCTL handlers are kernel-level interfaces that let user-space applications communicate directly with device drivers. The root cause is classified as CWE-126 (Buffer Over-read): the handler reads beyond the allocated buffer when processing IOCTL requests. The CPE indicates this affects Snapdragon application processors across multiple revisions, which power a broad range of mobile and embedded devices. The combination of information disclosure with the noted buffer overflow semantics suggests unsafe memory access patterns in the IOCTL parsing logic, potentially in Qualcomm's proprietary chipset firmware or HAL (Hardware Abstraction Layer) components.
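The over-read pattern described above, as an added user-space illustration that is not Qualcomm's code (the affected driver and its interface are not identified on this page). It contrasts a handler that trusts a caller-supplied length with one that validates it against the reply buffer. The names `demo_req`, `ioctl_unchecked`, `ioctl_checked` and the memory contents are hypothetical and constructed for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REPLY_LEN 16  /* logical size of the driver's reply buffer */
#define ARENA_LEN 64  /* simulated kernel memory that contains it */

/* Constructed sample memory: 16-byte reply, then unrelated adjacent data. */
static const uint8_t arena[ARENA_LEN] = "device-status-okADJACENT-KERNEL-DATA";

struct demo_req {             /* hypothetical ioctl argument */
    uint32_t out_len;         /* bytes the caller asks to receive */
    uint8_t  out[ARENA_LEN];
};

/* Flawed pattern: out_len is trusted, so the copy runs past REPLY_LEN.
 * The clamp to ARENA_LEN only keeps this simulation in defined behaviour. */
static long ioctl_unchecked(struct demo_req *req)
{
    size_t n = req->out_len < ARENA_LEN ? req->out_len : ARENA_LEN;
    memcpy(req->out, arena, n);
    return (long)n;
}

/* Hardened pattern: reject any length the reply buffer cannot satisfy. */
static long ioctl_checked(struct demo_req *req)
{
    if (req->out_len == 0 || req->out_len > REPLY_LEN)
        return -EINVAL;
    memcpy(req->out, arena, req->out_len);
    return (long)req->out_len;
}

/* Bytes beyond the reply buffer that reached the caller (0 if rejected). */
static long bytes_leaked(uint32_t ask, int use_checked)
{
    struct demo_req req = { .out_len = ask };
    long n = use_checked ? ioctl_checked(&req) : ioctl_unchecked(&req);
    return n > REPLY_LEN ? n - REPLY_LEN : 0;
}

int main(void)
{
    printf("unchecked: %ld bytes leaked\n", bytes_leaked(36, 0));
    printf("checked:   %ld bytes leaked\n", bytes_leaked(36, 1));
    return 0;
}
```

In a real driver the same check belongs before any copy to user space, and the length should be compared against the size of the object actually being read, not a size taken from the request.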
Remediation (AI)
Apply the security update distributed via Qualcomm's May 2026 security bulletin (https://docs.qualcomm.com/product/securitybulletin/may-2026-bulletin.html), which contains patched firmware for affected Snapdragon revisions. Specific patch version numbers are not confirmed in the available data. Consumers should ensure that devices built on Snapdragon chipsets are updated to the latest available firmware from their device manufacturer (Samsung, Xiaomi, Qualcomm, etc.), as OEMs may lag Qualcomm's release schedule. As a temporary mitigation, restrict application permissions to limit IOCTL access to drivers on multi-user systems; however, this requires custom kernel configuration and is not practical for consumer devices. Monitor for malicious apps attempting to trigger the vulnerable IOCTL path (e.g., via reverse-engineering the driver interface or fuzzing), and consider disabling non-essential kernel-to-user driver communication pathways if the affected chipset's specific vulnerable driver is identified.
EUVD-2025-209631