The vulnerability is a stack‑based buffer overflow that occurs when the camera driver processes a frame request originating from user space. The flaw can corrupt memory on the stack and potentially allow an attacker to execute arbitrary code with kernel privileges. This can lead to full system compromise, data theft, or denial of service.

Qualcomm technology such as Snapdragon mobile platforms and a broad range of board‑support‑packages and firmware modules listed in the CPE string set are affected. The specific certifications vary by hardware family, including fastconnect kits, IQ series, and several Snapdragon generational releases. Exact patch levels are not enumerated in the advisory, so any device running the referenced driver versions is subject to risk.

The CVSS score is 7.8, indicating high severity. The EPSS score is below 1%, indicating a low current exploitation probability. The flaw is not listed in CISA’s KEV catalog. The attack path is inferred to be local: an attacker must be able to send a crafted frame request to the driver, which is typically possible from local user space or via privileged applications. Given the kernel‑level impact, the risk remains high if the device is not patched.