The Snapdragon DSP Service contains an IOCTL handler that processes callback data without verifying the size of the supplied buffer, resulting in a buffer over‑read (CWE‑125, CWE‑126) that can expose sensitive memory contents. This flaw permits an attacker to read beyond the intended bounds of the IOCTL payload, potentially revealing confidential data.

All Qualcomm Snapdragon processors that expose the DSP Service IOCTL interface are affected; no specific firmware or software version range was provided, so any device using this service is potentially vulnerable.

The CVSS score of 6.1 indicates moderate severity. The EPSS score is < 1%, indicating a low but non-zero likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is operating either locally or remotely through crafted IOCTL calls to the DSP Service. At present no vendor patch or workaround has been released, so a precautionary patch when available should be prioritized.