Impact
The vulnerability is a Time‑of‑Check Time‑of‑Use race condition in the Snapdragon camera driver that allows concurrent modification of a user‑space buffer during IOCTL processing. When an IOCTL request with a mismatched API version is handled while another process writes to the same buffer, invalid data can be read or written, leading to memory corruption. The flaw is classified as CWE‑367 and, if triggered, could cause application or system crashes and potentially open a vector for further exploitation.
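An added example, not code from the advisory or from the affected driver: the check-then-use pattern described above, next to the single-snapshot form that closes the window. The `cam_req` layout, the constants and the handler names are hypothetical, and the concurrent writer is simulated by a callback so the outcome is deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SUPPORTED_API 2u    /* constructed value */
#define MAX_PAYLOAD   16u   /* constructed bound on the length field */

/* Hypothetical request layout that lives in caller-controlled memory. */
struct cam_req { uint32_t api_version; uint32_t len; uint8_t payload[64]; };

/* Stand-in for another thread writing to the buffer between check and use. */
typedef void (*writer_fn)(struct cam_req *);

/* BEFORE: validates fields in the shared buffer, then fetches them again. */
int handle_double_fetch(struct cam_req *u, writer_fn writer, uint32_t *used_len)
{
    if (u->api_version != SUPPORTED_API || u->len > MAX_PAYLOAD)  /* check */
        return -1;
    if (writer)
        writer(u);          /* window: the buffer can change here */
    *used_len = u->len;     /* use: second fetch, never validated */
    return 0;
}

/* AFTER: one copy into private memory; check and use the same snapshot. */
int handle_snapshot(struct cam_req *u, writer_fn writer, uint32_t *used_len)
{
    struct cam_req k;
    memcpy(&k, u, sizeof k);    /* a kernel driver would use copy_from_user() */
    if (k.api_version != SUPPORTED_API || k.len > MAX_PAYLOAD)
        return -1;
    if (writer)
        writer(u);          /* later writes no longer affect the request */
    *used_len = k.len;
    return 0;
}

/* Constructed writer: changes version and length after the check has passed. */
void change_after_check(struct cam_req *u)
{
    u->api_version = 1u;
    u->len = 4096u;
}
```

The same rule applies to any field that drives a later decision or size calculation: it is read from user memory exactly once, and only the private copy is trusted.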
Affected Systems
Qualcomm Snapdragon devices whose camera driver accepts IOCTL commands from user space are affected. Specific product or version references are not detailed in the advisory; any Snapdragon camera driver that processes IOCTLs with version checks may be vulnerable.
Risk and Exploitability
The CVSS score of 6.4 indicates a moderate risk. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation yet. The likely attack vector involves a local user sending specially crafted IOCTL requests to the camera driver; the race condition requires timing coordination, making exploitation more complex but feasible against devices with exposed IOCTL interfaces.
OpenCVE Enrichment