Description
Memory corruption when another driver calls an IOCTL with invalid input/output buffer.
Published: 2026-05-04
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Memory corruption occurs when an external driver invokes an IOCTL operation with invalid input or output buffers. The untrusted pointer dereference can overwrite kernel memory, potentially allowing an attacker to execute arbitrary code or gain elevated privileges. The weakness corresponds to CWE-822. The description indicates direct memory corruption rather than information disclosure, so the primary security impact is modification of system state by a privileged entity.

Affected Systems

The vulnerability affects Qualcomm, Inc. Snapdragon firmware, specifically the power optimization component. No version details are provided; all Snapdragon devices that incorporate the vulnerable power optimization firmware are potentially impacted.

Risk and Exploitability

The CVSS score of 7.8 classifies this issue as a high-severity vulnerability. No EPSS score is available, so the current exploitation probability cannot be quantified. The vulnerability is not listed in the CISA KEV catalog, indicating no confirmed active exploitation at this time. Based on the description, the attack vector is inferred to be a local driver-level request, which is consistent with the AV:L component of the CVSS vector. An attacker could trigger the flaw by loading a malicious driver that performs the offending IOCTL, or by compromising a legitimate driver that is allowed to call it. If the attacker can run code with driver privileges, the corruption could lead to arbitrary code execution in kernel space or privilege escalation.

Generated by OpenCVE AI on May 4, 2026 at 18:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Qualcomm firmware update that fixes the pointer dereference in the power optimization driver once it is available.
  • Disable or unload the power optimization firmware module while the patch is pending, to eliminate the exploitable entry point.
  • Configure the device to restrict IOCTL access to trusted drivers, for example by enabling driver authentication or ACL mechanisms for the power optimization IOCTL interface.



Advisories

No advisories yet.

History

Mon, 04 May 2026 19:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Qualcomm; Qualcomm snapdragon
Vendors & Products | | Qualcomm; Qualcomm snapdragon

Mon, 04 May 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 04 May 2026 17:15:00 +0000

Type | Values Removed | Values Added
Description | | Memory corruption when another driver calls an IOCTL with invalid input/output buffer.
Title | | Untrusted Pointer Dereference in Power Optimization Firmware
Weaknesses | | CWE-822
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-05-04T17:56:29.953Z

Reserved: 2025-05-06T08:33:16.278Z

Link: CVE-2025-47408

Vulnrichment

Updated: 2026-05-04T17:53:42.394Z

NVD

Status: Received

Published: 2026-05-04T17:16:21.257

Modified: 2026-05-04T17:16:21.257

Link: CVE-2025-47408

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T19:00:07Z

Weaknesses