Qualcomm Snapdragon EUVD-2025-210023

CVE-2025-59610 MEDIUM
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2026-06-01 qualcomm GHSA-j87j-wfvp-42c4
CVSS 3.1 score: 6.4 (NVD)
Severity by source

NVD (primary): 6.4 MEDIUM, AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

1. Analysis Generated: Jun 01, 2026 - 23:00 (vuln.today)

Description (CVE.org)

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.

Analysis (AI)

Memory corruption in Qualcomm Snapdragon affects the IOCTL request processing path, exploitable by a local attacker with high privileges who can win a race condition between API version validation and user-space buffer consumption. Successful exploitation yields high-impact confidentiality, integrity, and availability compromise despite the moderate overall CVSS score of 6.4, which is suppressed by the high attack complexity and privilege requirements. No public exploit code and no CISA KEV listing have been identified at time of analysis, limiting immediate widespread risk.

Technical Context (AI)

The vulnerability is rooted in CWE-367 (Time-of-check Time-of-use, TOCTOU), a class of race condition in which a kernel driver reads a user-space buffer at check-time (e.g., to validate an API version) and then re-reads or acts on that same buffer at use-time, without holding exclusive ownership between the two operations. An attacker controlling a concurrent thread can modify the user-space buffer in the window between check and use, causing the driver to process data under a different (mismatched) API version context than was validated. The Snapdragon ecosystem - identified via CPE cpe:2.3:a:qualcomm,_inc.:snapdragon:*:*:*:*:*:*:*:* - uses IOCTL interfaces extensively for communication between user-space applications and privileged kernel drivers (e.g., GPU, DSP, modem subsystems). Mismatched API version handling in this context can corrupt internal kernel structures, leading to potential arbitrary code execution in kernel context. The 'Buffer Overflow' tag supplied alongside CWE-367 suggests the TOCTOU outcome manifests as an out-of-bounds write, likely overflowing a fixed-size kernel buffer sized for one API version with data from another.
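
The check/use gap described above, as an added user-space model that is not Qualcomm's code and not part of the original advisory: the request layout, the per-version sizes and every function name are assumptions made for illustration, and the concurrent writer is a callback so the interleaving is deterministic. It compares a handler that fetches the version twice with one that works from a single driver-owned copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed request layout; not Qualcomm's real IOCTL structure. */
struct req { uint32_t api_version; uint8_t payload[64]; };
struct result { int status; size_t sized_for; size_t used_len; };
/* Hypothetical per-version payload sizes: v1 = 16 bytes, v2 = 64 bytes. */
static size_t payload_len(uint32_t v) { return v == 1 ? 16 : v == 2 ? 64 : 0; }

/* Stand-in for a second thread rewriting the shared buffer; it is called
 * between check and use so the interleaving is deterministic. */
typedef void (*writer_fn)(struct req *user);
static void flip_to_v2(struct req *user) { user->api_version = 2; }

/* Double fetch: the version is read from user memory at check time and
 * read again at use time, so the two reads can disagree. */
static struct result handle_double_fetch(struct req *user, writer_fn w) {
    struct result r = { -1, 0, 0 };
    r.sized_for = payload_len(user->api_version);   /* fetch 1: check */
    if (r.sized_for == 0) return r;                 /* unknown version */
    if (w) w(user);                                 /* concurrent write */
    r.used_len = payload_len(user->api_version);    /* fetch 2: use */
    r.status = 0;
    return r;
}

/* Single fetch: copy the request once into driver-owned memory (the role
 * copy_from_user() plays in a Linux driver), then check and use the copy. */
static struct result handle_snapshot(struct req *user, writer_fn w) {
    struct result r = { -1, 0, 0 };
    struct req local;
    memcpy(&local, user, sizeof local);
    r.sized_for = payload_len(local.api_version);
    if (r.sized_for == 0) return r;
    if (w) w(user);                                 /* no longer matters */
    r.used_len = payload_len(local.api_version);
    r.status = 0;
    return r;
}
/* A length larger than the buffer was sized for is the overflow condition. */
static int overruns(struct result r) { return r.status == 0 && r.used_len > r.sized_for; }

int main(void) {
    struct req a = { 1, {0} }, b = { 1, {0} };
    printf("double fetch overruns: %d\n", overruns(handle_double_fetch(&a, flip_to_v2)));
    printf("snapshot overruns:     %d\n", overruns(handle_snapshot(&b, flip_to_v2)));
    return 0;
}
```

The model only compares lengths and never performs the oversized copy; in driver review the same pattern shows up as two separate reads of one user pointer on either side of a validation branch.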

Remediation (AI)

The primary remediation is to apply the patch distributed via Qualcomm's June 2026 Security Bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html. An exact patched firmware or driver version is not independently confirmed from the available data - consult the bulletin directly for per-SKU patch identifiers. OEM device makers should integrate the Qualcomm-provided fix into their firmware update pipelines and push updates to end-user devices promptly. As a compensating control where patching is delayed, organizations can restrict access to the vulnerable IOCTL interface by limiting which user-space processes are permitted to invoke it (e.g., via SELinux/seccomp policy tightening or mandatory access control rules on Android), accepting the trade-off of potentially reduced driver functionality for affected applications. Since PR:H is required, hardening privileged process isolation and auditing which applications hold elevated permissions on affected devices reduces the attacker pool that could reach this code path.

CVE-2026-25293 CRITICAL
9.6 May 04

Buffer overflow in Qualcomm Snapdragon firmware enables authentication bypass on adjacent networks, allowing remote unau

CVE-2026-25277 HIGH
8.8 Jun 01

Memory corruption in Qualcomm Snapdragon Strongbox component allows local low-privileged attackers to trigger a buffer o

CVE-2026-25276 HIGH
8.8 Jun 01

Local privilege escalation in Qualcomm Snapdragon chipsets stems from an out-of-bounds memory access in the Strongbox tr

CVE-2025-47392 HIGH
8.8 Apr 06

Memory corruption in Qualcomm Snapdragon chipsets allows adjacent network attackers to achieve arbitrary code execution

CVE-2026-24088 HIGH
8.2 Jun 01

Bootloader integrity bypass in Qualcomm Snapdragon platforms allows a high-privileged local attacker to write to a speci

CVE-2026-25259 HIGH
7.8 Jun 01

Local privilege escalation in Qualcomm Snapdragon platforms is possible through memory corruption when processing multip

CVE-2026-25258 HIGH
7.8 Jun 01

Local privilege escalation in Qualcomm Snapdragon platforms stems from an out-of-bounds read (CWE-125) triggered during

CVE-2025-59606 HIGH
7.8 Jun 01

Local privilege escalation and memory corruption in Qualcomm Snapdragon platforms allows an attacker with low-privileged

CVE-2025-59605 HIGH
7.8 Jun 01

Local privilege escalation via memory corruption in Qualcomm Snapdragon platform components allows an authenticated low-

CVE-2025-59604 HIGH
7.8 Jun 01

Local memory corruption in Qualcomm Snapdragon platforms (CVE-2025-59604) allows a low-privileged local attacker to trig

CVE-2026-24082 HIGH
7.8 May 04

Use-after-free vulnerability in Qualcomm Snapdragon chipsets enables local privilege escalation to achieve full device c

CVE-2025-47408 HIGH
7.8 May 04

Memory corruption in Qualcomm Snapdragon allows local authenticated attackers with low privileges to achieve arbitrary c

EUVD-2025-210023 vulnerability details – vuln.today