Impact
The vulnerability is a memory corruption flaw: the camera driver accesses freed memory when fence deregistration and signal handling run concurrently. This is a use‑after‑free condition (CWE‑416). The primary impact is the potential alteration of memory contents, which could undermine the integrity of the device and, if exploited, could lead to denial of service or escalation of privileges within the firmware context.
Affected Systems
Qualcomm Snapdragon devices and associated firmware are affected. The issue spans a range of hardware, including Snapdragon AR1 Gen 1 platforms, Snapdragon XR series (SXR2230p, SXR2250p, SXR2330p, SXR2350p), various Wi‑Fi and Bluetooth modules (WCD9380, WCD9385, WCN7860, WCN7861), and modem components (FastConnect 6900/7800, Pandeiro, QLN1083BD/1086BD, QPA1083BD/1086BD, QXM1083/1086/1093/1094/1095/1096, SAR1165P, SAR2130P). Firmware versions are not specified in the advisory, so any firmware containing the vulnerable camera driver code is potentially impacted.
Risk and Exploitability
The CVSS score of 6.5 indicates a moderate severity. The EPSS score is below 1%, suggesting a low probability of exploitation in the near term. The vulnerability is not listed in CISA’s KEV catalog. The attack vector is inferred to be device‑local, potentially triggered when the camera subsystem registers or deregisters fences concurrently with signal handling; an attacker would need to drive the camera driver into this race condition to exploit the use‑after‑free.
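The lifetime rule that prevents the race described under Impact and above, as an added C model that is not Qualcomm's driver code: the signal path pins the fence under the table lock, and deregistration only drops the table's reference, so the object is freed by whichever side finishes last. All names here (`fence_get`, `fence_deregister`, the spinlock, the table) are hypothetical.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

#define MAX_FENCES 8
/* Hypothetical fence object: the table holds one reference, each user one more. */
struct fence { atomic_int refs; bool signaled; };
static struct fence *table[MAX_FENCES];
static atomic_flag table_lock = ATOMIC_FLAG_INIT; /* stands in for the driver's lock */
static atomic_int frees;                          /* counts frees for the lifetime check */

static void lock(void)   { while (atomic_flag_test_and_set(&table_lock)) { } }
static void unlock(void) { atomic_flag_clear(&table_lock); }
static void fence_put(struct fence *f) {
    /* Free only when the last reference goes away. */
    if (atomic_fetch_sub(&f->refs, 1) == 1) { free(f); atomic_fetch_add(&frees, 1); }
}

int fence_register(unsigned id) {
    struct fence *f = id < MAX_FENCES ? calloc(1, sizeof(*f)) : NULL;
    if (!f) return -1;
    atomic_init(&f->refs, 1);            /* reference owned by the table */
    lock();
    int busy = table[id] != NULL;
    if (!busy) table[id] = f;
    unlock();
    if (busy) free(f);
    return busy ? -1 : 0;
}
/* Signal path, step 1: look up AND take a reference inside the same critical section. */
struct fence *fence_get(unsigned id) {
    lock();
    struct fence *f = id < MAX_FENCES ? table[id] : NULL;
    if (f) atomic_fetch_add(&f->refs, 1);
    unlock();
    return f;
}
/* Signal path, step 2: use the pinned object, then release it. */
void fence_signal_done(struct fence *f) { f->signaled = true; fence_put(f); }
/* Deregister: unpublish under the lock, then drop only the table's reference. */
int fence_deregister(unsigned id) {
    if (id >= MAX_FENCES) return -1;
    lock();
    struct fence *f = table[id];
    table[id] = NULL;
    unlock();
    if (!f) return -1;
    fence_put(f);
    return 0;
}
int frees_so_far(void) { return atomic_load(&frees); }
```

The unsafe variant of this pattern is a signal path that reads `table[id]` without taking a reference, which lets a concurrent deregister free the object while it is still in use.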