Description
Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.
Published: 2026-06-01
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a null pointer dereference that occurs during a memory copy operation, causing invalid writes that corrupt memory. This flaw can lead to application or system crashes, potentially affecting the stability and integrity of the affected device. The direct impact is a denial of service for the affected components, with the severity reflected in a CVSS score of 7.8.

Affected Systems

Qualcomm, Inc. Snapdragon mobile processors and associated software components are known to be affected. Specific product models or firmware versions are not listed, indicating that any Snapdragon implementation deploying the vulnerable code path could be at risk.

Risk and Exploitability

The CVSS score of 7.8 denotes high severity, while the EPSS score is not available, so the current exploitation probability cannot be quantified. The vulnerability is not listed in CISA's KEV catalog, implying no confirmed public exploits are known. The likely attack vector appears to be local or remote code that triggers the memory copy operation; however, based on the description, this inference is made rather than directly stated. Exploitation would require the attacker to trigger the vulnerable memory copy operation, which could lead to memory corruption and potential denial of service.

Generated by OpenCVE AI on June 1, 2026 at 23:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Qualcomm firmware or software patch that addresses the null pointer dereference in the memory copy routine.
  • If a patch is not yet available, restrict or disable the use of the affected component until an update is released and monitor system logs for related crashes or instability.
  • Implement additional runtime memory protection mechanisms such as address space layout randomization or stack canaries if supported by the platform, to mitigate accidental or malicious exploitation of the vulnerability.

Generated by OpenCVE AI on June 1, 2026 at 23:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 01 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Description Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.
Title NULL Pointer Dereference in SPS Applications
Weaknesses CWE-476
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Qualcomm Snapdragon
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-06-01T22:05:24.558Z

Reserved: 2025-09-18T03:19:23.201Z

Link: CVE-2025-59604

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-01T23:16:15.613

Modified: 2026-06-01T23:16:15.613

Link: CVE-2025-59604

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T01:00:11Z

Weaknesses