Description
Memory corruption when processing camera sensor input/output control codes with invalid output buffers.
Published: 2026-05-04
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability originates in the camera subsystem when the driver processes sensor I/O control codes with improperly sized output buffers. This flaw allows an attacker to cause a memory corruption that may result in a crash or, in some conditions, arbitrary code execution. The weakness is a classic untrusted pointer dereference offering potential for confidentiality, integrity, and availability violations.

Affected Systems

Qualcomm Snapdragon devices are affected; specific firmware or driver versions are not listed in the public data, so any device utilizing the camera drivers outlined by Qualcomm may be vulnerable.

Risk and Exploitability

With a CVSS score of 7.8, the vulnerability is considered high severity. The EPSS score is not available, so the exploitation probability is unknown, and the issue is not listed in the CISA KEV catalog. The likely attack vector involves crafting malicious camera sensor input or output control commands that a compromised or malicious application could deliver, especially on systems where the camera driver runs with elevated privileges. If successfully exploited, the attacker could gain arbitrary code execution on the device or force a denial of service by crashing the camera subsystem.

Generated by OpenCVE AI on May 4, 2026 at 18:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑released patch or firmware update that corrects the camera driver buffer handling
  • Disable or remove the camera module from devices that do not require camera functionality
  • Restrict camera driver access to only trusted applications by enforcing strict permission policies
  • Monitor system logs for unexpected camera driver crashes or abnormal memory accesses as an early detection mechanism

Generated by OpenCVE AI on May 4, 2026 at 18:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 04 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 17:15:00 +0000

Type Values Removed Values Added
Description Memory corruption when processing camera sensor input/output control codes with invalid output buffers.
Title Untrusted Pointer Dereference in Camera
Weaknesses CWE-822
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Qualcomm Snapdragon
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-05-04T17:32:25.870Z

Reserved: 2025-05-06T08:33:16.277Z

Link: CVE-2025-47405

cve-icon Vulnrichment

Updated: 2026-05-04T17:21:30.264Z

cve-icon NVD

Status : Received

Published: 2026-05-04T17:16:20.827

Modified: 2026-05-04T17:16:20.827

Link: CVE-2025-47405

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T19:30:02Z

Weaknesses