Severity by source
AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Memory corruption while processing fastboot commands with improperly formatted input.
AnalysisAI
Memory corruption in Qualcomm Snapdragon fastboot bootloader processing allows a physically present attacker with high privileges to corrupt memory by submitting improperly formatted fastboot commands. The flaw carries a CVSS 7.2 score reflecting physical attack vector with scope change, and no public exploit identified at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Device must be in fastboot/bootloader mode with the attacker physically connected (typically via USB) and already holding privileged bootloader access (PR:H - e.g., unlocked bootloader, OEM provisioning credentials, or an authorized fastboot session). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 7.2 (High) rating is driven by full CIA impact with scope change (S:C), tempered by physical attack vector (AV:P) and high privileges (PR:H), which substantially narrow real-world exploitability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with physical access to a Snapdragon device places it into fastboot mode (requiring an unlocked bootloader or privileged provisioning context) and over USB issues a malformed fastboot command containing improperly formatted arguments. The parser mishandles the input, corrupting memory in the bootloader and enabling the attacker to subvert the boot chain - potentially loading unsigned code, extracting secrets from secure storage, or persisting an implant below the OS. … |
| Remediation | Patch available per vendor advisory: apply the firmware updates referenced in Qualcomm's June 2026 Security Bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html) once the corresponding OEM device firmware/OTA incorporating the fixed Snapdragon components is released; exact patched version strings are listed in that bulletin per chipset. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify and inventory all Snapdragon devices in provisioning, recovery, or firmware-update states, and restrict physical access to authorized personnel only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Snapdragon
View allBuffer overflow in Qualcomm Snapdragon firmware enables authentication bypass on adjacent networks, allowing remote unau
Memory corruption in Qualcomm Snapdragon Strongbox component allows local low-privileged attackers to trigger a buffer o
Local privilege escalation in Qualcomm Snapdragon chipsets stems from an out-of-bounds memory access in the Strongbox tr
Memory corruption in Qualcomm Snapdragon chipsets allows adjacent network attackers to achieve arbitrary code execution
Bootloader integrity bypass in Qualcomm Snapdragon platforms allows a high-privileged local attacker to write to a speci
Local privilege escalation in Qualcomm Snapdragon platforms is possible through memory corruption when processing multip
Local privilege escalation in Qualcomm Snapdragon platforms stems from an out-of-bounds read (CWE-125) triggered during
Local privilege escalation and memory corruption in Qualcomm Snapdragon platforms allows an attacker with low-privileged
Local privilege escalation via memory corruption in Qualcomm Snapdragon platform components allows an authenticated low-
Local memory corruption in Qualcomm Snapdragon platforms (CVE-2025-59604) allows a low-privileged local attacker to trig
Use-after-free vulnerability in Qualcomm Snapdragon chipsets enables local privilege escalation to achieve full device c
Memory corruption in Qualcomm Snapdragon allows local authenticated attackers with low privileges to achieve arbitrary c
Same technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33848
GHSA-6gj5-936c-vhwv