Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.
AnalysisAI
Local privilege escalation in Qualcomm Snapdragon platforms stems from a Time-of-Check to Time-of-Use (TOCTOU) race condition in shared buffer handling, where kernel-mode code reads user-mode input without re-validation after initial checks. A low-privileged local attacker can corrupt memory to gain full confidentiality, integrity, and availability impact on the affected device. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must already be able to execute code locally on the device as a low-privileged user (CVSS PR:L) - practically, this means an installed Android app, a compromised system service, or a sandboxed process - and must be able to open the affected Snapdragon driver/IPC interface that exposes the shared buffer. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H scores 7.8 and signals high-impact local privilege escalation reachable by any authenticated low-privileged process - a realistic scenario on Android phones where untrusted apps run as unprivileged users. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A malicious Android app installed by the user (or delivered via a sandboxed exploit chain from a browser bug) runs as a normal unprivileged UID, opens the vulnerable Snapdragon driver's shared buffer, and spawns a second thread that continuously flips a length or pointer field in the buffer. The privileged kernel-side code validates the field, then re-reads it during use, encounters the attacker's mutated value, and corrupts memory - yielding kernel code execution and a full device root. … |
| Remediation | Patch available per vendor advisory - apply the firmware/driver updates referenced in the Qualcomm June 2026 Security Bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html) as soon as the downstream OEM (Android device maker, automotive integrator, etc.) ships the corresponding monthly security patch level. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Snapdragon devices across the enterprise and document local user access policies on affected platforms. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Snapdragon
View allBuffer overflow in Qualcomm Snapdragon firmware enables authentication bypass on adjacent networks, allowing remote unau
Memory corruption in Qualcomm Snapdragon Strongbox component allows local low-privileged attackers to trigger a buffer o
Local privilege escalation in Qualcomm Snapdragon chipsets stems from an out-of-bounds memory access in the Strongbox tr
Memory corruption in Qualcomm Snapdragon chipsets allows adjacent network attackers to achieve arbitrary code execution
Bootloader integrity bypass in Qualcomm Snapdragon platforms allows a high-privileged local attacker to write to a speci
Local privilege escalation in Qualcomm Snapdragon platforms is possible through memory corruption when processing multip
Local privilege escalation in Qualcomm Snapdragon platforms stems from an out-of-bounds read (CWE-125) triggered during
Local privilege escalation and memory corruption in Qualcomm Snapdragon platforms allows an attacker with low-privileged
Local privilege escalation via memory corruption in Qualcomm Snapdragon platform components allows an authenticated low-
Local memory corruption in Qualcomm Snapdragon platforms (CVE-2025-59604) allows a low-privileged local attacker to trig
Use-after-free vulnerability in Qualcomm Snapdragon chipsets enables local privilege escalation to achieve full device c
Memory corruption in Qualcomm Snapdragon allows local authenticated attackers with low privileges to achieve arbitrary c
Same technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33825
GHSA-8wfg-43p7-wg28