Impact
The flaw is a use‑after‑free memory corruption caused when the Snapdragon kernel processes device I/O control calls that map and later unmap persistent memory buffers without proper synchronization. Based on the description, it is inferred that this improper synchronization leads to the kernel accessing freed memory, resulting in arbitrary corruption that could be leveraged to execute arbitrary code or bring the device to an unstable state. The weakness is classified as CWE‑416.
Affected Systems
Qualcomm’s Snapdragon platform is affected. Specific firmware or operating‑system versions are not provided, so any Snapdragon device that implements the vulnerable I/O control interface should be assumed at risk. Administrators should consult Qualcomm’s July 2026 security bulletin for detailed patch information and apply updates accordingly.
Risk and Exploitability
The CVSS score of 6.6 classifies the issue as moderate severity, and no EPSS score is available. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that the likely attack vector is local or privileged access to the device, as the exploit requires invoking the specific memory map/unmap sequence. Though no publicly available exploits are documented, the potential for arbitrary code execution makes the risk significant enough that a patch should be applied promptly.
OpenCVE Enrichment