Description
Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.
Published: 2026-05-04
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a time‑of‑check/time‑of‑use race condition in Qualcomm’s Snapdragon DSP service that can cause memory corruption at the kernel level during process creation. This race occurs when an allocation fails during kernel processing, leading to corrupted kernel memory. No additional impact beyond the stated memory corruption is described.

Affected Systems

Qualcomm Snapdragon processors are the identified affected vendors and products. No specific firmware or kernel versions are listed, so any device that includes the DSP service and has not received a vendor update could be vulnerable.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector would likely require local or privileged access because the flaw occurs during internal DSP process creation. No public exploits are documented. As such, the risk remains high pending a vendor fix.

Generated by OpenCVE AI on May 4, 2026 at 19:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Acquire and install any Qualcomm firmware or operating‑system update that addresses the TOCTOU race in the DSP service.
  • If no update is available, limit or disable the DSP service or restrict application privileges that initiate DSP processes until a patch is released.
  • Continuously monitor device logs for abnormal allocation failures or kernel crashes, and forward findings to Qualcomm’s security team for further guidance.

Generated by OpenCVE AI on May 4, 2026 at 19:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 23:30:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 04 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 17:15:00 +0000

Type Values Removed Values Added
Description Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.
Title Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service
Weaknesses CWE-367
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Qualcomm Snapdragon
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-05-04T17:52:21.202Z

Reserved: 2025-05-06T08:33:16.278Z

Link: CVE-2025-47407

cve-icon Vulnrichment

Updated: 2026-05-04T17:52:15.499Z

cve-icon NVD

Status : Received

Published: 2026-05-04T17:16:21.097

Modified: 2026-05-04T17:16:21.097

Link: CVE-2025-47407

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T23:15:11Z

Weaknesses