Impact
A buffer size validation bug triggers an out-of-bounds write when a random number generator (RNG) command is sent with an output buffer too small for the output it requests. The write corrupts whatever memory sits next to the buffer. The advisory text does not describe the consequence beyond that; from the description it is inferred that an attacker who can influence the command payload could turn the corruption into privilege escalation or arbitrary code execution. The weakness maps to CWE-787 (Out-of-bounds Write) and carries a CVSS score of 6.7, which places it in the medium severity band.
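The pattern behind this class of bug, as an added illustrative example that is not Qualcomm's code and does not reflect the real command interface: a handler that trusts the requested byte count and never compares it with the size of the buffer the caller supplied, beside the hardened form that rejects the command when the two disagree. The struct layout, the RNG_MAX_REQUEST ceiling, the arena sizes and the deterministic fill routine are all assumptions made so the example runs offline; the canary bytes stand in for whatever really sits next to the output buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative command layout (an assumption, not Qualcomm's interface):
 * the caller asks for `requested` random bytes and supplies `out`, which
 * it claims holds `out_len` bytes. */
struct rng_cmd {
    uint32_t requested;  /* bytes the caller wants */
    uint32_t out_len;    /* size of the caller-supplied buffer */
    uint8_t *out;        /* caller-supplied output buffer */
};

#define RNG_MAX_REQUEST 4096u  /* hypothetical per-command ceiling */

/* Deterministic stand-in for the hardware RNG so the example runs offline
 * (constructed byte pattern, not random output). */
static void fake_rng_fill(uint8_t *dst, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = (uint8_t)(0x42 + i);
}

/* Vulnerable handler: trusts `requested` and never compares it with
 * `out_len`, so a command that asks for more bytes than the buffer holds
 * writes past the end of `out` (CWE-787). */
int rng_handler_vulnerable(struct rng_cmd *cmd)
{
    fake_rng_fill(cmd->out, cmd->requested);
    return 0;
}

/* Hardened handler: reject the command unless the requested length fits
 * the buffer the caller actually supplied and stays under the engine's
 * ceiling. Nothing is written before every check has passed. */
int rng_handler_fixed(struct rng_cmd *cmd)
{
    if (cmd->out == NULL)
        return -1;
    if (cmd->requested > RNG_MAX_REQUEST)
        return -1;
    if (cmd->requested > cmd->out_len)   /* the missing size validation */
        return -1;
    fake_rng_fill(cmd->out, cmd->requested);
    return 0;
}

#define OUT_LEN 16u
#define CANARY_LEN 16u

/* Runs one handler against a constructed arena: OUT_LEN bytes of output
 * buffer immediately followed by CANARY_LEN canary bytes that stand in for
 * the adjacent memory a real overflow would hit. `requested` must not
 * exceed the arena so the demonstration itself stays well-defined.
 * Returns -1 if the handler rejected the command, otherwise the number of
 * canary bytes it clobbered. */
int clobbered_bytes(int (*handler)(struct rng_cmd *), uint32_t requested)
{
    uint8_t arena[OUT_LEN + CANARY_LEN];
    memset(arena, 0x00, OUT_LEN);
    memset(arena + OUT_LEN, 0xAA, CANARY_LEN);

    struct rng_cmd cmd = { .requested = requested, .out_len = OUT_LEN, .out = arena };
    if (handler(&cmd) != 0)
        return -1;

    int clobbered = 0;
    for (size_t i = OUT_LEN; i < sizeof arena; i++)
        if (arena[i] != 0xAA)
            clobbered++;
    return clobbered;
}

int main(void)
{
    printf("vulnerable, requested=24: %d canary bytes clobbered\n",
           clobbered_bytes(rng_handler_vulnerable, 24));
    printf("fixed, requested=24: %d (-1 means rejected)\n",
           clobbered_bytes(rng_handler_fixed, 24));
    printf("fixed, requested=16: %d canary bytes clobbered\n",
           clobbered_bytes(rng_handler_fixed, 16));
    return 0;
}
```

The point of the arena is to make the corruption visible without crashing: asking the vulnerable handler for 24 bytes into a 16-byte buffer overwrites the 8 bytes beyond it, while the fixed handler refuses the same command and writes nothing. In a real component the bytes past the buffer are not a canary but whatever the allocator or the stack placed there, which is where the inferred privilege-escalation path would start.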
Affected Systems
Qualcomm Snapdragon processors used in Windows compute platforms are affected. The advisory does not list specific firmware or driver versions, so any Windows system with Qualcomm Snapdragon components should be treated as potentially vulnerable until the vendor patch is applied.
Risk and Exploitability
The vulnerability carries a CVSS score of 6.7; no EPSS score has been reported, so the likelihood of exploitation cannot be estimated from that source. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, which suggests it is not known to be exploited in the wild at the time of writing; absence from KEV says nothing about how hard the bug is to exploit, only that exploitation has not been observed. It is inferred that an attacker would need to send a crafted RNG command to a local process or component that already holds sufficient privileges, implying a local, already-authenticated scenario rather than a remote attack vector.
OpenCVE Enrichment