The vulnerability arises from a memory corruption flaw in the High‑Level Operating System (HLOS) that processes device identifier strings exceeding the expected maximum length, leading to an out‑of‑bounds write (CWE‑787). This flaw can corrupt adjacent memory and potentially allow an attacker to execute arbitrary code, alter system state, or crash the HLOS, causing loss of confidentiality, integrity, and availability.

Qualcomm Snapdragon devices that run the HLOS are affected, as the issue is tied to the handling of device identifiers within the Qualcomm, Inc. Snapdragon ecosystem. No specific firmware or OS versions are enumerated, so all current Snapdragon HLOS deployments should be evaluated.

The CVSS score of 7.8 indicates a high severity weakness, and while the EPSS score is not available, the lack of a KEV listing suggests moderate exploit prevalence today. Based on the description, the likely attack vector involves supplying crafted device identifier strings, which could be delivered via OTA updates, network communication, or local configuration. An attacker with the ability to influence these inputs could trigger the out‑of‑bounds write during initialization or runtime, enabling remote code execution or denial of service.